Welcome to the Virus.Org Mailing List Archive

[openssh-unix-announce] OpenSSH Security Advisory (adv.channelalloc)

  • Subject: [openssh-unix-announce] OpenSSH Security Advisory (adv.channelalloc)
  • From: markus at openbsd.org (Markus Friedl)
  • Date: Thu May 22 12:10:12 2003
 
1. Systems affected:

	All versions of OpenSSH between 2.0 and 3.0.2 contain
	an off-by-one error in the channel code.

	OpenSSH 3.1 and later are not affected.

2. Impact:

	This bug can be exploited locally by an authenticated user
	logging into a vulnerable OpenSSH server or by a malicious
	SSH server attacking a vulnerable OpenSSH client.
	
3. Solution:

	Upgrade to OpenSSH 3.1 or apply the following patch.

4. Credits:

	This bug was discovered by Joost Pol <[EMAIL PROTECTED]>


Appendix:

Index: channels.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- channels.c	27 Feb 2002 21:23:13 -0000	1.170
+++ channels.c	4 Mar 2002 19:37:58 -0000	1.171
@@ -146,7 +146,7 @@
 {
 	Channel *c;
 
-	if (id < 0 || id > channels_alloc) {
+	if (id < 0 || id >= channels_alloc) {
 		log("channel_lookup: %d: bad id", id);
 		return NULL;
 	}
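
Review bot: The corrected test `id >= channels_alloc` carries no comment saying why the upper bound is exclusive, and the one-character difference from the removed `id > channels_alloc` line is easy to reintroduce in a later edit. A short comment above the check stating that valid ids run from 0 to channels_alloc - 1 would make the intent explicit. The hunk covers only the check that logs "channel_lookup: %d: bad id"; any other comparison of a channel id against channels_alloc in channels.c deserves the same look for a `>` that should be `>=`.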

 