search for: gwyllion

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH

...;Provably Fixing the SSH Binary Packet Protocol" by Mihir Bellare, Tadayoshi Kohno and Chanathip Namprempre. http://eprint.iacr.org/2002/078/ I guess this would require a new protocol specification and maybe the task of the IETF Secure Shell Working Group. Dries -- Dries Schellekens email: gwyllion at ulyssis.org

Here I would like to suggest a replacement for MAP_ANON on systems which do not have it, such as Solaris < 8. In "man mmap" of Solaris 8: When MAP_ANON is set in flags, and fd is set to -1, mmap() provides a direct path to return anonymous pages to the caller. This operation is equivalent to passing mmap() an open file descriptor on /dev/zero with

A colleague was having trouble running OpenSSH 3.3p on his server. He, like many of us, has been clobbered by the mighty security penis of Theo De Raadt into enabling "privsep". But on some Linux 2.2 kernels, this is broken. Apparantly, OpenSSH "portable" relies on non-POSIX compliant mmap() features. Making the mmap() call in monitor_mm.c look something like this: