[FUGSPBR] BOF no OpenSSH

[Francisco J Badaró]

Amigos da lista, leiam com cuidado e atenção a mensagem abaixo, é para nós 
que utilizamos o OpenSSH !

This document can be found at:  http://www.openssh.com/txt/buffer.adv 

1. Versions affected: 

       All versions of OpenSSH's sshd prior to 3.7 contain a buffer 
       management error.  It is uncertain whether this error is 
       potentially exploitable, however, we prefer to see bugs 
       fixed proactively. 

2. Solution: 

       Upgrade to OpenSSH 3.7 or apply the following patch. 

Appendix: 

Index: buffer.c 
=================================================================== 
RCS file: /cvs/src/usr.bin/ssh/buffer.c,v 
retrieving revision 1.16 
retrieving revision 1.17 
diff -u -r1.16 -r1.17 
- --- buffer.c    26 Jun 2002 08:54:18 -0000      1.16 
+++ buffer.c    16 Sep 2003 03:03:47 -0000      1.17 
@@ -69,6 +69,7 @@ 
void * 
buffer_append_space(Buffer *buffer, u_int len) 
{ 
+       u_int newlen; 
       void *p; 

       if (len > 0x100000) 
@@ -98,11 +99,13 @@ 
               goto restart; 
       } 
       /* Increase the size of the buffer and retry. */ 
- -       buffer->alloc += len + 32768; 
- -       if (buffer->alloc > 0xa00000) 
+ 
+       newlen = buffer->alloc + len + 32768; 
+       if (newlen > 0xa00000) 
               fatal("buffer_append_space: alloc %u not supported", 
- -                   buffer->alloc); 
- -       buffer->buf = xrealloc(buffer->buf, buffer->alloc); 
+                   newlen); 
+       buffer->buf = xrealloc(buffer->buf, newlen); 
+       buffer->alloc = newlen; 
       goto restart; 
       /* NOTREACHED */ 
} 


SDS

Francisco J Badaró
Kylix/Delphi/IB/W2K/Linux/BSD

_______________________________________________________________
Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/