자료출처: http://www.securityfocus.com/archive/1/337662/2003-09-13/2003-09-19/2
The
following advisory is listed on the OpenSSH security page. It was up
some
time ago before disappearing for a while and then reappearing in the
last few
minutes.
---
Subject: OpenSSH Security Advisory:
buffer.adv
This is the 1st revision of the Advisory.
This document
can be found at: http://www.openssh.com/txt/buffer.adv
1.
Versions affected:
All versions of OpenSSH's sshd prior to 3.7
contain a buffer
management error. It is uncertain whether this
error is
potentially exploitable, however, we prefer to see
bugs
fixed proactively.
2. Solution:
Upgrade to
OpenSSH 3.7 or apply the following patch.
Appendix:
Index:
buffer.c
===================================================================
RCS
file: /cvs/src/usr.bin/ssh/buffer.c,v
retrieving revision 1.16
retrieving
revision 1.17
diff -u -r1.16 -r1.17
--- buffer.c 26 Jun 2002
08:54:18 -0000 1.16
+++ buffer.c 16 Sep 2003 03:03:47
-0000 1.17
@@ -69,6 +69,7 @@
void *
buffer_append_space(Buffer
*buffer, u_int len)
{
+ u_int newlen;
void
*p;
if (len > 0x100000)
@@ -98,11 +99,13
@@
goto restart;
}
/* Increase the size
of the buffer and retry. */
- buffer->alloc += len +
32768;
- if (buffer->alloc > 0xa00000)
+
+ newlen =
buffer->alloc + len + 32768;
+ if (newlen >
0xa00000)
fatal("buffer_append_space: alloc %u not
supported",
- buffer->alloc);
- buffer->buf
= xrealloc(buffer->buf,
buffer->alloc);
+ newlen);
+ buffer->buf =
xrealloc(buffer->buf, newlen);
+ buffer->alloc =
newlen;
goto restart;
/* NOTREACHED
*/
}
David Mirza Ahmad
Symantec
PGP: 0x26005712
8D 9A
B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for
the past is for the future.
We must be the winners of the memory war.
댓글 없음:
댓글 쓰기