search for: schellekens

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH

...suggested in "Provably Fixing the SSH Binary Packet Protocol" by Mihir Bellare, Tadayoshi Kohno and Chanathip Namprempre. http://eprint.iacr.org/2002/078/ I guess this would require a new protocol specification and maybe the task of the IETF Secure Shell Working Group. Dries -- Dries Schellekens email: gwyllion at ulyssis.org

Here I would like to suggest a replacement for MAP_ANON on systems which do not have it, such as Solaris < 8. In "man mmap" of Solaris 8: When MAP_ANON is set in flags, and fd is set to -1, mmap() provides a direct path to return anonymous pages to the caller. This operation is equivalent to passing mmap() an open file descriptor on /dev/zero with

We've released a new HPN (High Performance Network) patch for OpenSSH 3.9p1. We've made two major changes - first off we backed out of all the modifications we made to buffer.c. Turns out that it just wasn't necessary once we fixed a nagging bug in channels.c. I also made a minor change to the buffer sizes in the source and sink functions in scp.c Increasing the size of both

A colleague was having trouble running OpenSSH 3.3p on his server. He, like many of us, has been clobbered by the mighty security penis of Theo De Raadt into enabling "privsep". But on some Linux 2.2 kernels, this is broken. Apparantly, OpenSSH "portable" relies on non-POSIX compliant mmap() features. Making the mmap() call in monitor_mm.c look something like this: