Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)

From: Oystein Viggen (oysteiviat_private)
Date: Tue Nov 16 1999 - 02:30:16 PST

    Blue Boar wrote:
    
    > <SNIP>
    > Debian is immune for the (somewhat messy) reasons that they do not link
    > ssh to rsaref, last time that I checked.
    > <SNIP>
    
    Does the fact that the international version of ssh from replay.com uses
    "internal rsaref" instead of the "external rsaref" in the US version make
    it immune to this attack too?
    
    The version is at least not, as far as I can see, externally linked to any
    rsaref library:
    
    [oysteivi@colargol ~]$ ldd /usr/sbin/sshd1
            libz.so.1 => /usr/lib/libz.so.1 (0x40017000)
            libnsl.so.1 => /lib/libnsl.so.1 (0x40027000)
            libcrypt.so.1 => /lib/libcrypt.so.1 (0x4003d000)
            libpam.so.0 => /lib/libpam.so.0 (0x4006a000)
            libdl.so.2 => /lib/libdl.so.2 (0x40072000)
            libutil.so.1 => /lib/libutil.so.1 (0x40075000)
            libc.so.6 => /lib/libc.so.6 (0x40078000)
            /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
    
    (http://www.zedz.net/redhat/ssh.html to check it out for yourselves).
    
    Oystein
    --
    "It's pudding time, children!"
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:12:50 PDT