Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)

From: Daniel Jacobowitz (drowat_private)
Date: Tue Nov 16 1999 - 10:54:24 PST

Next message: Dan Stromberg: "rpc.ttdbserverd on solaris 7"

Previous message: Brian: "default permissions for tin"
Maybe in reply to: Blue Boar: "ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
Next in thread: Nick Craig-Wood: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 16, 1999 at 11:30:16AM +0100, Oystein Viggen wrote:
> Blue Boar wrote:
>
> > <SNIP>
> > Debian is immune for the (somewhat messy) reasons that they do not link
> > ssh to rsaref, last time that I checked.
> > <SNIP>
>
> Does the fact that the international version of ssh from replay.com uses
> "internal rsaref" instead of the "external rsaref" in the US version make
> it immune to this attack too?
>
> The version is at least not as far as I can see externally linked to any
> rsaref library:

As far as I can tell from the spec file, the -5i version is never
configured with --with-rsaref, and the guilty code in rsaglue.c is
never reached.

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         danat_private         |  |       dmj+@andrew.cmu.edu      |
\--------------------------------/  \--------------------------------/

Next message: Dan Stromberg: "rpc.ttdbserverd on solaris 7"
Previous message: Brian: "default permissions for tin"
Maybe in reply to: Blue Boar: "ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
Next in thread: Nick Craig-Wood: "Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:03 PDT