Bug 104573 - Buffer management errors in OpenSSH < 3.7.1
Summary: Buffer management errors in OpenSSH < 3.7.1
Keywords:
Status: CLOSED DUPLICATE of bug 104551
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: openssh
Version: 1.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL: http://marc.theaimsgroup.com/?l=openb...
Whiteboard:
Depends On:
Blocks:
Reported: 2003-09-17 13:34 UTC by Alan Sanderson
Modified: 2007-03-27 04:09 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-02-21 18:58:36 UTC


Description Alan Sanderson 2003-09-17 13:34:26 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-AU; rv:1.5a) Gecko/20030801
Mozilla Firebird/0.6.1

Description of problem:
Buffer management errors have been discovered in OpenSSH 3.7.0 and below; this
has been said to be remotely exploitable.
OpenSSH should therefore be upgraded to 3.7.1 in rawhide and no doubt in RedHat
Linux 9.0, 8.0, 7.3, 7.2, 7.1.

Version-Release number of selected component (if applicable):
openssh-3.6.1p2-4

How reproducible:
Always

Steps to Reproduce:
1. See description
    

Actual Results:  See description

Expected Results:  See description

Additional info:

http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
http://slashdot.org/article.pl?sid=03/09/16/1327248&mode=nested&tid=126&tid=172

Comment 1 Hrunting Johnson 2003-09-17 14:37:16 UTC
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c.diff?r1=1.194&r2=1.195&f=h

These are the changes that need to be made.  This is a very similar fix to
yesterday's buffer.c patch which does need to be applied to yesterday's errata.

Comment 2 Mark J. Cox 2003-09-17 15:45:56 UTC

*** This bug has been marked as a duplicate of 104551 ***

Comment 3 Red Hat Bugzilla 2006-02-21 18:58:36 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

