SSH 3.1.0 Potential Exploit + FIX

From: SoulBlazer (soul@lamp-post.net)
Date: Fri Mar 15 2002 - 09:36:37 PST

Next message: Gabriel A. Maggiotti: "about gawk"

Previous message: Mike Batchelder: "RE: Buffer overflow in awk"
Next in thread: sekureat_private: "Re: SSH 3.1.0 Potential Exploit + FIX"
Reply: sekureat_private: "Re: SSH 3.1.0 Potential Exploit + FIX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Greetings,

With all the hype about openssh being hackable, and zlib-1.1.3 being a 
potential hole, I believe that perhaps the following has been overlooked.

(/usr/src/build/ssh-3.1.0/lib/zlib)# : more ChangeLog

                ChangeLog file for zlib

Changes in 1.1.3 (9 July 1998)
- fix "an inflate input buffer bu

Heh anyhow I patched ssh 3.1.0 against the newer zlib (1.1.4) and made the 
appropriate adjustments, patch attached.

Cheers,

Shoutouts to galt, FEENiX, wirepair, cylons, lpn, aeonflux, terrorbyt, 
index1, korolev, killahack,cowofdoom,oatmeal.. and any who I missed here.. 
you know who you are. =)

--
Tread lightly, for you address not the storm.. but the force that binds it..

application/x-bzip2 attachment: zlib-1.1.4-ssh-3.1.0.diff.bz2

Next message: Gabriel A. Maggiotti: "about gawk"
Previous message: Mike Batchelder: "RE: Buffer overflow in awk"
Next in thread: sekureat_private: "Re: SSH 3.1.0 Potential Exploit + FIX"
Reply: sekureat_private: "Re: SSH 3.1.0 Potential Exploit + FIX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 10:30:55 PST