Re: SSH deja vu

From: Lucian Hudin (luciat_private)
Date: Tue Oct 23 2001 - 14:18:06 PDT


     I don't know about any teso exploit, but what I want to mention is
    that I remember studying this problem myself and I've found
    that the crc32 bug doesn't manifest under operating systems that
    return NULL on realloc(ptr, 0);
     So if the exploit is based on the fact that realloc(ptr, 0) will
    NOT return NULL, Linux & W2k (systems I have access to) were never
    actually vulnerable.
    
     The Linux realloc manual says:
     "realloc() returns a pointer to the newly allocated memory, which is
     suitably aligned for any kind of variable and may be different
     from ptr, or NULL if the request fails or if size was equal to 0.
    
    CONFORMING TO
           ANSI-C
    "
    
    Regards,
    Luci
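
The portability point raised in the message above, as an added example that is not part of the original post or of any SSH code base: C99 and C11 leave the result of a zero-size realloc() to the implementation, so a caller that must behave identically on every libc rejects zero-size and overflowing requests before calling it. The names `grow_array` and `grow_array_selfcheck` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* grow_array: hypothetical helper (not from the post or any SSH source).
 * Resizes *buf to nmemb elements of elem_size bytes. Returns 0 on success,
 * -1 on failure; on failure *buf is untouched and still owned by the caller. */
int grow_array(void **buf, size_t nmemb, size_t elem_size)
{
    void *p;

    /* Never let a zero-byte request reach realloc(): depending on the
     * libc it may free the block and return NULL, or return a pointer
     * to a minimum-size chunk that must not be written to. */
    if (nmemb == 0 || elem_size == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Reject nmemb * elem_size wrapping around to a small (or zero) size. */
    if (nmemb > SIZE_MAX / elem_size) {
        errno = ENOMEM;
        return -1;
    }
    p = realloc(*buf, nmemb * elem_size);
    if (p == NULL)
        return -1;              /* old block is still valid */
    *buf = p;
    return 0;
}

/* Constructed self-check: returns 0 when every case behaves as described. */
int grow_array_selfcheck(void)
{
    void *buf = NULL;
    int bad = 0;

    if (grow_array(&buf, 4, sizeof(uint32_t)) != 0) return 1;
    memcpy(buf, "ABCDEFGHIJKLMNOP", 16);
    void *before = buf;
    bad |= (grow_array(&buf, 0, sizeof(uint32_t)) != -1 || buf != before);
    bad |= (grow_array(&buf, SIZE_MAX / 2 + 1, 4) != -1 || buf != before);
    bad |= (grow_array(&buf, 8, sizeof(uint32_t)) != 0);
    bad |= (memcmp(buf, "ABCDEFGHIJKLMNOP", 16) != 0);
    free(buf);
    return bad;
}
```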
    



    This archive was generated by hypermail 2b30 : Tue Oct 23 2001 - 21:48:55 PDT