similar to: [PATCH] memory leaked leaving scope

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable: Yes Locally Exploitable: Yes Release Mode:

The variable IV does can be NULL when passed into the function. However, IV is dereferenced in CMP, therefore, IV should be checked before sending it to this macro. This patch adds what is common in other parts of the code but is missing on this particular check. This entire set of patches passed the regression tests on my system. Null dereference bug found by Coverity. Signed-off-by: Kylene

Hi, I recently ported OpenSSH to my hobbyist operating system. The portable release is very straightforward to work with, but it had a few minor issues where it assumes the existence of things that might not be on a POSIX 2008 system. This are the list of issues I encountered that I believe makes sense to upstream. * <sys/param.h> is included in many files and isn't a standard

Remote vulnerability in SSH daemon crc32 compensation attack detector ----------------------------------------------------------------------- Issue date: 8 February 2001 Author: Michal Zalewski <lcamtuf at razor.bindview.com> Contact: Scott Blake <blake at razor.bindview.com> CVE: CAN-2001-0144 Topic: Remotely exploitable vulnerability condition exists in most ssh daemon

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:22.openssh Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSH Category: contrib Module: openssh Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:22.openssh Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSH Category: contrib Module: openssh Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:22.openssh Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSH Category: contrib Module: openssh Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:12 Security Advisory FreeBSD, Inc. Topic: OpenSSH buffer management error Category: core, ports Module: openssh, ports_openssh,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:12 Security Advisory FreeBSD, Inc. Topic: OpenSSH buffer management error Category: core, ports Module: openssh, ports_openssh,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:12 Security Advisory FreeBSD, Inc. Topic: OpenSSH buffer management error Category: core, ports Module: openssh, ports_openssh,

OpenBSD tree is heading into a lock and this includes OpenSSH. So we are winding up for a 3.5 release. If we can get people to test the current snapshots and report any problems that would improve the odds that your platform won't be broke for 3.5. Issues I know off of right now. 1. I can't test NeXT. So I TRULY need someone in that community to test for me. Last I heard there was

memset has apparently been fixed in unicos afterall, or else the current code straightened out whatever was going wrong. i'm not sure what happened, but deattack.c changes are no longer necessary. i'm not going to look a gift horse in the mouth.... crays run great straight out of the box for 3.5p1 as released. sorry for the long delay in replying. porting my product to our new machine

Hi, I didn't know if this was the correct spot to send openSSH bugs/problems so I thought I'd try... Anyway, I have encountered the following compile time problems for openssh-1.2pre15 / Solaris 2.6 / gcc 2.8.1 - * daemon code (bsd-daemon.[ch]) exists but is not linked in. Also, header is not included. Same might apply to bsd-login. * rsa.h needs __P() define to work

This patch fixes my botched attempted to patch deattack.c. I created a bsd-cray.h file and cleaned up a few error cases in bsd-cray.c. Fixed cray_setup call to pass uid and login name in session.c and moved its call so that its called with root privs. Its been tested on a irix, sun, aix, unicos(SV1) and unicosmk(T3E) systems. If you are building this on a T3E you may have to edit the Makefile

Hi All, Did anybody ever had problems created by static h in function detect_attack() in deattack.c? In our system which is based on pSOS OS, this static h is causing a crash, because after closing first ssh session, it pSOS system is allocating same memory to another ssh session and this static h is overwriting that memory. I would appreciate if you know why h is statically allocated.

Hello, I looked through the latest stable version of openssh (3.0.2p1) and found a number of items that concerned me. I'm not terribly familiar with the coding, so patches are probably better left to someone else. Anyways, here a list of issues that I think someone should look at. Cheers, Steve Grubb -------- File Line Description Channels.c 1195 If nc == NULL, this line segfaults. Test

For those following the portable CVS tree.. I'd suggest holding off for a day or so unless you really want to get dirty. I just commited 32 patches from the OpenBSD tree, but have not worked out all the issues (due to Linux brain damage <sigh..Faster OpenBSD gets SMP..the happer I'll be>). The two things that need to be finished integrated in the configure.in is KRB5 and

Hi, At the office, there is an old ss5 box running sunos 4.1.4. I have configured openssh using gcc on this machine. In doing so, I found a few compilation and configuration problems. 1. Compilation Problem. SunOS 4.1.4 doesn't have regex.h header nor the entry points regex.c is supposed to offer. Solution. Copy regex.c and regex.h from, say, GNU awk distribution to the openssh directory

http://bugzilla.mindrot.org/show_bug.cgi?id=367 ------- Additional Comments From mouring at eviladmin.org 2002-11-10 03:34 ------- Everything was applied to 3.5 but deattack.c. Changes talked about on the list will be accepted if they are submitted in patch form. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

each pass afterwards looks to see if the hash table has grown. If pSOS OS is having issues I'd question your compiler or OS for reallocating memory that should be tagged as used. - Ben On Wed, 15 May 2002, Amandeep Singh wrote: > Hi All, > > Did anybody ever had problems created by static h in function > detect_attack() in deattack.c? In our system which is based on pSOS OS,