search for: deattack

Displaying 20 results from an estimated 37 matches for "deattack".

2006 May 15
1
[PATCH 2/12] bug fix: openssh-4.3p2 NULL dereference
...e sending it to this macro. This patch adds what is common in other parts of the code but is missing on this particular check. This entire set of patches passed the regression tests on my system. Null dereference bug found by Coverity. Signed-off-by: Kylene Hall <kjhall at us.ibm.com> --- deattack.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) diff -uprN openssh-4.3p2/deattack.c openssh-4.3p2-kylie/deattack.c --- openssh-4.3p2/deattack.c 2003-09-22 06:04:23.000000000 -0500 +++ openssh-4.3p2-kylie/deattack.c 2006-05-04 15:10:19.000000000 -0500 @@ -137,7 +137,7 @@ detect_attack(u_...
2006 Sep 30
0
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
...orrection details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/crypto/openssh/deattack.c 1.1.1.1.2.6 src/crypto/openssh/deattack.h 1.1.1.1.2.3 src/crypto/openssh/defines.h 1.1.1.2.2.3 src/crypto/openssh/log.c 1.1.1.1.2.6 src/crypto/openssh/log.h...
2006 Sep 30
9
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
...orrection details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/crypto/openssh/deattack.c 1.1.1.1.2.6 src/crypto/openssh/deattack.h 1.1.1.1.2.3 src/crypto/openssh/defines.h 1.1.1.2.2.3 src/crypto/openssh/log.c 1.1.1.1.2.6 src/crypto/openssh/log.h...
2006 Sep 30
9
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
...orrection details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/crypto/openssh/deattack.c 1.1.1.1.2.6 src/crypto/openssh/deattack.h 1.1.1.1.2.3 src/crypto/openssh/defines.h 1.1.1.2.2.3 src/crypto/openssh/log.c 1.1.1.1.2.6 src/crypto/openssh/log.h...
2001 Feb 08
0
BindView advisory: sshd remote root (bug in deattack.c)
...2.3.0 (problem fixed) SSH1 releases prior to 1.2.24 (vulnerable to crc attacks) Cisco SSH (own implementation) LSH (SSH protocol 1 not supported) ** Other SSH daemons: not tested Overview: An integer-overflow problem is present in common code of recent ssh daemons, deattack.c, which was developed by CORE SDI to protect against cryptographic attacks on SSH protocol. Impact: Insufficient range control calculations (16-bit unsigned variable is used instead of 32-bit, which causes integer overflow) in the detect_attack() function leads to table index overflow bug. Th...
2001 Feb 08
0
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
...stream that would allow execution of arbitrary commands on either client or server. The problem was not fixable without breaking the protocol 1.5 semantics and thus a patch was devised that would detect an attack that exploited the vulnerability found. The attack detection is done in the file deattack.c from the SSH1 source distribution. A vulnerability was found in the attack detection code that could lead to the execution of arbitrary code in SSH servers and clients that incorporated the patch. Vulnerable Packages/Systems: This problem affects both SSH servers and clients. All version...
2003 Sep 17
2
FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED]
...Revision Path - ------------------------------------------------------------------------- [Base system] RELENG_4 src/crypto/openssh/buffer.c 1.1.1.1.2.7 src/crypto/openssh/channels.c 1.1.1.1.2.10 src/crypto/openssh/deattack.c 1.1.1.1.2.5 src/crypto/openssh/misc.c 1.1.1.1.2.3 src/crypto/openssh/session.c 1.4.2.18 src/crypto/openssh/ssh-agent.c 1.2.2.11 src/crypto/openssh/version.h...
2003 Sep 17
2
FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED]
...Revision Path - ------------------------------------------------------------------------- [Base system] RELENG_4 src/crypto/openssh/buffer.c 1.1.1.1.2.7 src/crypto/openssh/channels.c 1.1.1.1.2.10 src/crypto/openssh/deattack.c 1.1.1.1.2.5 src/crypto/openssh/misc.c 1.1.1.1.2.3 src/crypto/openssh/session.c 1.4.2.18 src/crypto/openssh/ssh-agent.c 1.2.2.11 src/crypto/openssh/version.h...
2003 Sep 17
0
FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED]
...Revision Path - ------------------------------------------------------------------------- [Base system] RELENG_4 src/crypto/openssh/buffer.c 1.1.1.1.2.7 src/crypto/openssh/channels.c 1.1.1.1.2.10 src/crypto/openssh/deattack.c 1.1.1.1.2.5 src/crypto/openssh/misc.c 1.1.1.1.2.3 src/crypto/openssh/session.c 1.4.2.18 src/crypto/openssh/ssh-agent.c 1.2.2.11 src/crypto/openssh/version.h...
2002 Apr 22
0
[Bug 97] deattack.c modifications for correct UNICOS behavior
http://bugzilla.mindrot.org/show_bug.cgi?id=97 wendyp at cray.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From wendyp at cray.com 2002-04-23 08:39
2003 Aug 22
0
[PATCH] memory leaked leaving scope
Index: openssh/deattack.c =================================================================== RCS file: /cvs/openssh/deattack.c,v retrieving revision 1.15 diff -u -r1.15 deattack.c --- openssh/deattack.c 5 Mar 2002 01:53:05 -0000 1.15 +++ openssh/deattack.c 22 Aug 2003 05:34:05 -0000 @@ -112,20 +112,26 @@ if (len <= H...
2001 Jul 26
7
Updated Cray patch against openssh SNAP-20010725
This patch fixes my botched attempt to patch deattack.c. I created a bsd-cray.h file and cleaned up a few error cases in bsd-cray.c. Fixed cray_setup call to pass uid and login name in session.c and moved its call so that it's called with root privs. It's been tested on a irix, sun, aix, unicos(SV1) and unicosmk(T3E) systems. If you are building this...
2016 Jan 19
2
OpenSSH portability & buildsystem fixes
...is included in many files and isn't a standard header. The portability layer already handles all the things it might provide and I could just remove all its inclusions. The build system should just detect its absence and generate an empty header in openbsd-compat/. * bzero is used in deattack.c (and in regress/) instead of the standard memset. The code should be changed to use memset or the compatibility layer should provide its own bzero if absent. * misc.c uses gettimeofday but doesn't include <sys/time.h> to get it. * timerclear, timerisset and timercmp are used in m...
2003 Sep 16
5
OpenSSH Security Advisory: buffer.adv
This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH
2002 May 15
2
static h in detect_attack()
Hi All, Did anybody ever have problems created by static h in function detect_attack() in deattack.c? In our system which is based on pSOS OS, this static h is causing a crash, because after closing first ssh session, the pSOS system is allocating same memory to another ssh session and this static h is overwriting that memory. I would appreciate if you know why h is statically allocated. dete...
2003 Jan 18
0
[Bug 367] patches for Cray port
memset has apparently been fixed in unicos after all, or else the current code straightened out whatever was going wrong. i'm not sure what happened, but deattack.c changes are no longer necessary. i'm not going to look a gift horse in the mouth.... crays run great straight out of the box for 3.5p1 as released. sorry for the long delay in replying. porting my product to our new machine took more time than i anticipated. thanks for your time, wendy...
2002 Feb 02
1
openssh-3.0.2p1 BUGs
...uld probably return 1938 Test of c == NULL. Continues processing calling free_channel with c 1972 If c == NULL, this line segfaults. Test at 1968 should probably return 2449 Variable socks has not been initted since 2409 ! 2598 Strchr could return a NULL if $DISPLAY does not have a ':' in it ! Deattack.c 139 Test at 132 for IV == NULL should probably bypass this area. Will segfault in this line if IV == NULL. Kexgex.c 304 If dh == NULL, this line segfaults. Test at 299 should probably return Ssh.c 88 IPv4or6 is an int. Line 136 of channels.c declares a static int for same variable. ??? C...
1999 Dec 01
1
Compile bugs in openssh-1.2pre15 on Solaris (2.6)
...lready been reported). Diffs are - *** Makefile.in.ORIG Thu Nov 25 12:40:22 1999 --- Makefile.in Wed Dec 1 12:09:37 1999 *************** *** 34,40 **** all: $(OBJS) $(TARGETS) ! libssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o hostfile.o match.o mpaux.o nchan.o packet.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o helper.o rc4.o bsd-mktemp.o bsd-strlcpy.o bsd-strlcat.o log.o fingerprint.o $(AR) rv $@ $^ $(RANLIB) $@ --- 34,40 ---- all: $(OBJS) $(TARGETS) ! libssh.a: authfd.o authfil...
2002 Sep 23
19
Call for testing for 3.5 OpenSSH
OpenBSD tree is heading into a lock and this includes OpenSSH. So we are winding up for a 3.5 release. If we can get people to test the current snapshots and report any problems that would improve the odds that your platform won't be broken for 3.5. Issues I know of right now. 1. I can't test NeXT. So I TRULY need someone in that community to test for me. Last I heard there was
2001 Jul 04
0
Sneek peak at what was commited.
...openbsd.org 2001/06/26 05:50:11 [auth2.c] new interface for secure_filename() - itojun at cvs.openbsd.org 2001/06/26 06:32:58 [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h] prototype pedant. not very creative... - () -> (void) - no variable names - itojun at cvs.openbsd.org 2001/06/26 06:33:07 [s...