Is OpenSSH vulnerable to the ZLIB problem or isn't it?

Theo de Raadt deraadt at cvs.openbsd.org
Thu Apr 4 09:07:29 EST 2002


> This is of course the reasonably obscure condition of a hole in a massively
> shared library without any clear method of exploiting it.  Most
> vulnerabilities translate more readily to immediate attacks.

I do not think that libz is really to blame here.  I think that you
are going to see about 10 "malloc does not detect duplicate free"
holes in the next year.

We have other security features in our libc malloc, for instance, even
one that prevents the ssh crc32 overflow from working.  It does this
by returning write protected blocks of memory for malloc(0)
allocations.

These features will stop holes from happening.

Other vendors are not building these protections in.  Instead, they
show how dutiful they are with respect to security by making
fancy announcements.  I wish we could be as cool as them, but naw.
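The two malloc hardening measures mentioned above (refusing a duplicate free, and handing out write-protected memory for malloc(0)), as an added C example that is not OpenBSD's libc code; the names hardened_malloc, hardened_free and is_writable are made up for illustration, and it assumes a Linux/POSIX system with mmap and sigaction:

```c
/* Added example, not OpenBSD's allocator: a toy shim showing
 * (1) malloc(0) returning a read-only page, so a write through a
 *     "zero-sized" allocation faults instead of corrupting the heap, and
 * (2) a table of live pointers so a duplicate free() is refused. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

#define MAX_LIVE 64
static void *live[MAX_LIVE];   /* constructed bookkeeping table (hypothetical) */
static void *zero_page;        /* shared, never-writable page for malloc(0) */

void *hardened_malloc(size_t n) {
    if (n == 0) {
        if (zero_page == NULL) {
            zero_page = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), PROT_READ,
                             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
            if (zero_page == MAP_FAILED) { zero_page = NULL; return NULL; }
        }
        return zero_page;      /* readable, write-protected */
    }
    void *p = malloc(n);
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = p; return p; }
    free(p);                   /* table full: fail closed rather than lose track */
    return NULL;
}

/* Returns 0 on a valid free, -1 on a duplicate or unknown pointer. */
int hardened_free(void *p) {
    if (p == NULL || p == zero_page) return 0;   /* nothing to release */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    return -1;                 /* double free: refuse instead of corrupting */
}

/* Probe whether one byte at p can be written, catching the fault. */
static sigjmp_buf probe_env;
static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }
int is_writable(void *p) {
    struct sigaction sa = {0}, old_segv, old_bus;
    sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    int ok = 0;
    if (sigsetjmp(probe_env, 1) == 0) { *(volatile char *)p = 0; ok = 1; }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}
```

The probe exists only so the effect of the read-only page can be observed in a test; a real allocator would simply let the process die on the fault.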