Buffer overflow in OpenSSH 2.2.0-3.1.0
Osmo Paananen
odie at rotta.media.sonera.net
Sat Apr 20 17:42:28 EST 2002
Hi!
I just saw this on bugtraq. Does someone have more details about this?
Subject: OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
From: Marcell Fodor <m.fodor at mail.datanet.hu>
Date: 19 Apr 2002 22:42:51 -0000 (Sat 01:42 EEST)
To: bugtraq at securityfocus.com
effect:
local root
vulnerable services:
-pass Kerberos IV TGT
-pass AFS Token
bug details:
radix.c
GETSTRING macro in radix_to_creds
function may cause buffer overflow.
affected buffers:
creds->service
creds->instance
creds->realm
creds->pinst
exploit code here: mantra.freeweb.hu
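
The advisory names four fixed-size credential fields that are filled with strings taken from decoded input. A length-checked string read for that pattern is shown below as an added example; it is not OpenSSH code and not part of the advisory or this post. The struct, the function names and the field size are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed field size for this example; not taken from OpenSSH or Kerberos headers. */
#define EX_FIELD_SZ 40

struct ex_creds {               /* hypothetical stand-in for the credentials struct */
    char service[EX_FIELD_SZ];
    char instance[EX_FIELD_SZ];
    char realm[EX_FIELD_SZ];
    char pinst[EX_FIELD_SZ];
};

/*
 * Read one NUL-terminated string from *src (with *srclen bytes remaining)
 * into dst, which holds dstsz bytes. Fails with -1 if the input has no
 * terminator within *srclen bytes, or if the string plus its NUL would not
 * fit in dst. On success advances *src and *srclen past the terminator.
 */
static int ex_getstring(const unsigned char **src, size_t *srclen,
                        char *dst, size_t dstsz)
{
    const unsigned char *nul = memchr(*src, '\0', *srclen);
    size_t len;

    if (nul == NULL)
        return -1;              /* unterminated input: never read past the buffer */
    len = (size_t)(nul - *src);
    if (len >= dstsz)
        return -1;              /* too long for the destination field */
    memcpy(dst, *src, len + 1); /* len + 1 <= dstsz, terminator included */
    *src += len + 1;
    *srclen -= len + 1;
    return 0;
}

/* Parse the four fields in order; returns 0 on success, -1 on malformed input. */
int ex_parse_creds(const unsigned char *buf, size_t len, struct ex_creds *c)
{
    memset(c, 0, sizeof(*c));
    if (ex_getstring(&buf, &len, c->service, sizeof(c->service)) ||
        ex_getstring(&buf, &len, c->instance, sizeof(c->instance)) ||
        ex_getstring(&buf, &len, c->realm, sizeof(c->realm)) ||
        ex_getstring(&buf, &len, c->pinst, sizeof(c->pinst)))
        return -1;
    return 0;
}
```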