Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: mrdkaaa <mrdkaaa <at> stream.cz>
Subject: [MSA080709-001] OpenSSH Vulnerability
Newsgroups: gmane.comp.security.full-disclosure
Date: Wednesday 9th July 2008 07:30:59 UTC (over 9 years ago)
Mrdkaaa Security Advisory 080709-001

Package : OpenSSH
Date    : July 09, 2008


1. Details

[openssh-5.0p1/auth1.c]

   234  static void
   235  do_authloop(Authctxt *authctxt)

   345                          len = buffer_len(&loginmsg);
   346                          buffer_append(&loginmsg, "\0", 1);
   347                          msg = buffer_ptr(&loginmsg);

   354                          packet_disconnect(msg);


[openssh-5.0p1/packet.c]

  1377  void
  1378  packet_disconnect(const char *fmt,...)

  1392          va_start(args, fmt);
  1393          vsnprintf(buf, sizeof(buf), fmt, args);
  1394          va_end(args);


2. Analysis

  100% lame


3. Detection

  -rwsr-sr-x 1 root root 678832 2008-07-09 03:47 /tmp/sh
  root     pts/1    1.3.3.7          03:48    0.00s  0.00s  0.00s /tmp/sh


4. Pwnie Awards 2008

  To submit a nomination, visit the Pwnie Awards site at http://pwnie-awards.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 
CD: 3ms