similar to: OpenSSH Security Advisory: buffer.adv

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH

Has anyone around here heard of this ? ---Mike >Subject: Re: [Full-Disclosure] new ssh exploit? >From: christopher neitzert <chris@neitzert.com> >Reply-To: chris@neitzert.com >To: full-disclosure@lists.netsys.com >X-Mailer: Ximian Evolution 1.4.3.99 >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere: full-disclosure@lists.netsys.com

Is anybody aware of this? -hc ----- Forwarded message from Alex Lambert <alambert@quickfire.org> ----- 3.7.1 was just released. Two patches for similar issues in a very short timeframe. Who do they think they are -- Microsoft? <grin> apl -------- Original Message -------- Subject: OpenSSH Security Advisory: buffer.adv Date: Wed, 17 Sep 2003 01:13:30 +0200 From: Markus Friedl

during my seminar of advanced exploitation techniques (SEAT, [1]) i developed some methods to crack into system via DMA (e.g. via firewire). as part of this i developed a program that steals loaded ssh private keys from ssh-agents. i was astonished to find that the keys are not immediately removed from the agent when a timeout occurs, but only the next time the agent is queried via its socket. i

Hello, in the BSD Authentication system the login script can request environment variables to be set/unset. The call to auth_close() in auth-passwd.c does change the current environment, but those changes are lost for the child environment. It would be really useful to add some kind of mechanism to get those changes into the child environment. I've added two possible solutions. Both

This is the LAST version I plan on doing.. If I hear no feed back good or bad. Then I'll assume I've wasted my time on a feature that people whine about but don't care to try. This is against 3.0.2pX so it should be VERY easy for anyone to test. - Ben diff -ur openssh-3.0.2p1/misc.c openssh/misc.c --- openssh-3.0.2p1/misc.c Tue Jul 3 23:46:58 2001 +++ openssh/misc.c Wed Feb 6

http://bugzilla.mindrot.org/show_bug.cgi?id=252 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #212 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-08-22 14:14 -------

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

Specifying a RemoteForward of 0:example.com:1234 dynamically allocates the listen port on the server, and then reports it to ... the client! Where it is practically useless. Was this someone's idea of a joke? Presumably not--there are some technical obstacles to reporting it to the remote process. I'd like to help solve that problem. The natural way to me would be to extend the syntax

On 11 May 2017 at 12:16, Patrick Perry wrote: | I've done a bit more investigation into this issue. Here is my current | understanding of the situation: | | 1. I have a package on CRAN (corpus-0.3.1) that passes tests on all | platforms except for Linux. | 2. My package defines a C function, "xrealloc", for internal use. | 3. The libreadline library that R links to defines a

I have a package on CRAN now (corpus-0.3.1) that is currently failing tests on Linux, but passing on all other architectures: https://cran.r-project.org/web/checks/check_results_corpus.html I believe that the issue arrises from a namespace class between "xrealloc", which my package provides for internal use, but which R also seems to provide (possibly as part of TRE in

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,

Hi, I'm not a programmer nor able to fully understand the code of openssh in detail - hence my question here. Out of curiosity I was looking at the patch for CVE-2002-0083 and tried to understand what the actual problem is, but failed: --- channels_old.c?? ?Mon Mar? 4 02:07:06 2002 +++ channels.c?? ?Mon Mar? 4 02:07:16 2002 @@ -151,7 +151,7 @@ ?channel_lookup(int id) ?{ ??? ?Channel *c; -??

As before, it is described on our website. This should apply fairly cleanly to both portable and openbsd ssh. http://www.psc.edu/networking/hpn-ssh/ Only in openssh-3.8.1p1-dynwindow: Makefile diff -u openssh-3.8.1p1/buffer.c openssh-3.8.1p1-dynwindow/buffer.c --- openssh-3.8.1p1/buffer.c 2003-11-21 07:56:47.000000000 -0500 +++ openssh-3.8.1p1-dynwindow/buffer.c 2004-07-12 07:49:29.000000000

Hi. One thing that people seem to want to do with PAM is to deny a login immediately without interacting but return a message to the user. (Some platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd will just deny the login and the user will not be told why. Attached it a patch that return a keyboard-interactive packet with the message in the "instruction"

When I encounter the problem with TCP port forwarding locking up, I'll see this on the client window (if I haven't invoked ssh with -q): chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected This is with Blowfish encryption. I have to kill and restart the client when this happens. Phil

OK, an official OpenSSH advisory was released, see here: <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be applied to the security branches as well today. Attached are patches: buffer46.patch -- For FreeBSD 4.6-RELEASE and later buffer45.patch -- For FreeBSD 4.5-RELEASE and

http://bugzilla.mindrot.org/show_bug.cgi?id=884 dmr at gmx.it changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|DSA keys (id_dsa.pub) with |DSA keys (id_dsa.pub) with |8192 bytes or more aren't |8192 bits or more aren't |correctly

http://bugzilla.mindrot.org/show_bug.cgi?id=1090 Summary: Increase MAX_SESSIONS? Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: cjwatson at debian.org

We have developed a patch that enables changing the SSH window size using the tcp window size as the source. This allows SSH to obtain maximum use of the bandwidth on high BDP links. We also have a page that describes the changes and performance. http://www.psc.edu/~rapier/hpn-ssh/ The patch against CVS is included here. Common subdirectories: src/usr.bin/ssh/CVS and ssh/CVS diff -u