Displaying 20 results from an estimated 200 matches similar to: "[PATCH] memory leaked leaving scope"
2001 Feb 08
0
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
CORE SDI
http://www.core-sdi.com
SSH1 CRC-32 compensation attack detector vulnerability
Date Published: 2001-02-08
Advisory ID: CORE-20010207
Bugtraq ID: 2347
CVE CAN: CAN-2001-0144
Title: SSH1 CRC-32 compensation attack detector vulnerability
Class: Boundary Error Condition
Remotely Exploitable: Yes
Locally Exploitable: Yes
Release Mode:
2006 May 15
1
[PATCH 2/12] bug fix: openssh-4.3p2 NULL dereference
The variable IV does can be NULL when passed into the function. However,
IV is dereferenced in CMP, therefore, IV should be checked before
sending it to this macro. This patch adds what is common in other parts
of the code but is missing on this particular check. This entire set of
patches passed the regression tests on my system. Null dereference bug
found by Coverity.
Signed-off-by: Kylene
2016 Jan 19
2
OpenSSH portability & buildsystem fixes
Hi,
I recently ported OpenSSH to my hobbyist operating system. The portable
release is very straightforward to work with, but it had a few minor
issues where it assumes the existence of things that might not be on a
POSIX 2008 system. This are the list of issues I encountered that I
believe makes sense to upstream.
* <sys/param.h> is included in many files and isn't a standard
2001 Feb 08
0
BindView advisory: sshd remote root (bug in deattack.c)
Remote vulnerability in SSH daemon crc32 compensation attack detector
-----------------------------------------------------------------------
Issue date: 8 February 2001
Author: Michal Zalewski <lcamtuf at razor.bindview.com>
Contact: Scott Blake <blake at razor.bindview.com>
CVE: CAN-2001-0144
Topic:
Remotely exploitable vulnerability condition exists in most ssh daemon
2006 Sep 30
0
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:22.openssh Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSH
Category: contrib
Module: openssh
Announced:
2006 Sep 30
9
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:22.openssh Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSH
Category: contrib
Module: openssh
Announced:
2006 Sep 30
9
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:22.openssh Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSH
Category: contrib
Module: openssh
Announced:
2003 Sep 17
0
FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:12 Security Advisory
FreeBSD, Inc.
Topic: OpenSSH buffer management error
Category: core, ports
Module: openssh, ports_openssh,
2003 Sep 17
2
FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:12 Security Advisory
FreeBSD, Inc.
Topic: OpenSSH buffer management error
Category: core, ports
Module: openssh, ports_openssh,
2003 Sep 17
2
FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:12 Security Advisory
FreeBSD, Inc.
Topic: OpenSSH buffer management error
Category: core, ports
Module: openssh, ports_openssh,
2002 Sep 23
19
Call for testing for 3.5 OpenSSH
OpenBSD tree is heading into a lock and this includes OpenSSH. So we are
winding up for a 3.5 release. If we can get people to test the current
snapshots and report any problems that would improve the odds that your
platform won't be broke for 3.5.
Issues I know off of right now.
1. I can't test NeXT. So I TRULY need someone in that community to test
for me. Last I heard there was
2003 Jan 18
0
[Bug 367] patches for Cray port
memset has apparently been fixed in unicos afterall,
or else the current code straightened out whatever was going wrong.
i'm not sure what happened, but deattack.c changes are no longer
necessary. i'm not going to look a gift horse in the mouth....
crays run great straight out of the box for 3.5p1 as released.
sorry for the long delay in replying. porting my product to our new
machine
1999 Dec 01
1
Compile bugs in openssh-1.2pre15 on Solaris (2.6)
Hi,
I didn't know if this was the correct spot to send openSSH bugs/problems
so I thought I'd try...
Anyway, I have encountered the following compile time problems for
openssh-1.2pre15 / Solaris 2.6 / gcc 2.8.1 -
* daemon code (bsd-daemon.[ch]) exists but is not linked in. Also,
header is not included. Same might apply to bsd-login.
* rsa.h needs __P() define to work
2001 Jul 26
7
Updated Cray patch against openssh SNAP-20010725
This patch fixes my botched attempted to patch deattack.c.
I created a bsd-cray.h file and cleaned up a few error cases
in bsd-cray.c. Fixed cray_setup call to pass uid and login name
in session.c and moved its call so that its called with root privs.
Its been tested on a irix, sun, aix, unicos(SV1) and unicosmk(T3E)
systems.
If you are building this on a T3E you may have to edit the Makefile
2002 May 15
2
static h in detect_attack()
Hi All,
Did anybody ever had problems created by static h in function
detect_attack() in deattack.c? In our system which is based on pSOS OS, this
static h is causing a crash, because after closing first ssh session, it
pSOS system is allocating same memory to another ssh session and this static
h is overwriting that memory.
I would appreciate if you know why h is statically allocated.
2002 Feb 02
1
openssh-3.0.2p1 BUGs
Hello,
I looked through the latest stable version of openssh
(3.0.2p1) and found a number of items that concerned
me. I'm not terribly familiar with the coding, so
patches are probably better left to someone else.
Anyways, here a list of issues that I think someone
should look at.
Cheers,
Steve Grubb
--------
File Line Description
Channels.c 1195 If nc == NULL, this line segfaults.
Test
2001 Jul 04
0
Sneek peak at what was commited.
For those following the portable CVS tree.. I'd suggest holding off for a
day or so unless you really want to get dirty. I just commited 32 patches
from the OpenBSD tree, but have not worked out all the issues (due to
Linux brain damage <sigh..Faster OpenBSD gets SMP..the happer I'll be>).
The two things that need to be finished integrated in the configure.in is
KRB5 and
2000 Dec 07
2
sunos 4.1.4 Makefile and regex.[ch] fix
Hi,
At the office, there is an old ss5 box running sunos 4.1.4.
I have configured openssh using gcc on this machine.
In doing so, I found a few compilation and configuration problems.
1. Compilation Problem.
SunOS 4.1.4 doesn't have regex.h header nor the entry points regex.c
is supposed to offer.
Solution.
Copy regex.c and regex.h from, say, GNU awk distribution to
the openssh directory
2002 Nov 09
0
[Bug 367] patches for Cray port
http://bugzilla.mindrot.org/show_bug.cgi?id=367
------- Additional Comments From mouring at eviladmin.org 2002-11-10 03:34 -------
Everything was applied to 3.5 but deattack.c. Changes talked about on the list
will be accepted if they are submitted in patch form.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2006 Nov 01
0
No subject
each pass afterwards looks to see if the hash table has grown.
If pSOS OS is having issues I'd question your compiler or OS for
reallocating memory that should be tagged as used.
- Ben
On Wed, 15 May 2002, Amandeep Singh wrote:
> Hi All,
>
> Did anybody ever had problems created by static h in function
> detect_attack() in deattack.c? In our system which is based on pSOS OS,