search for: schellekens

Displaying 5 results from an estimated 5 matches for "schellekens".

2003 Sep 16
5
OpenSSH Security Advisory: buffer.adv
This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH
2002 Jun 22
1
Provably Fixing the SSH Binary Packet Protocol
...suggested in "Provably Fixing the SSH Binary Packet Protocol" by Mihir Bellare, Tadayoshi Kohno and Chanathip Namprempre. http://eprint.iacr.org/2002/078/ I guess this would require a new protocol specification and maybe the task of the IETF Secure Shell Working Group. Dries -- Dries Schellekens email: gwyllion at ulyssis.org
2002 Jun 26
2
MAP_ANON replacement?
Here I would like to suggest a replacement for MAP_ANON on systems which do not have it, such as Solaris < 8. In "man mmap" of Solaris 8: When MAP_ANON is set in flags, and fd is set to -1, mmap() provides a direct path to return anonymous pages to the caller. This operation is equivalent to passing mmap() an open file descriptor on /dev/zero with
2005 Mar 25
1
New HPN patch released for 3.9
We've released a new HPN (High Performance Network) patch for OpenSSH 3.9p1. We've made two major changes - first off we backed out of all the modifications we made to buffer.c. Turns out that it just wasn't necessary once we fixed a nagging bug in channels.c. I also made a minor change to the buffer sizes in the source and sink functions in scp.c Increasing the size of both
2002 Jun 25
2
Patch for OpenSSH/mmap() on Linux 2.2
A colleague was having trouble running OpenSSH 3.3p on his server. He, like many of us, has been clobbered by the mighty security penis of Theo De Raadt into enabling "privsep". But on some Linux 2.2 kernels, this is broken. Apparantly, OpenSSH "portable" relies on non-POSIX compliant mmap() features. Making the mmap() call in monitor_mm.c look something like this: