similar to: OpenSSH Security Advisory: buffer.adv

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH

Is anybody aware of this? -hc ----- Forwarded message from Alex Lambert <alambert@quickfire.org> ----- 3.7.1 was just released. Two patches for similar issues in a very short timeframe. Who do they think they are -- Microsoft? <grin> apl -------- Original Message -------- Subject: OpenSSH Security Advisory: buffer.adv Date: Wed, 17 Sep 2003 01:13:30 +0200 From: Markus Friedl

We have developed a patch that enables changing the SSH window size using the tcp window size as the source. This allows SSH to obtain maximum use of the bandwidth on high BDP links. We also have a page that describes the changes and performance. http://www.psc.edu/~rapier/hpn-ssh/ The patch against CVS is included here. Common subdirectories: src/usr.bin/ssh/CVS and ssh/CVS diff -u

Has anyone around here heard of this ? ---Mike >Subject: Re: [Full-Disclosure] new ssh exploit? >From: christopher neitzert <chris@neitzert.com> >Reply-To: chris@neitzert.com >To: full-disclosure@lists.netsys.com >X-Mailer: Ximian Evolution 1.4.3.99 >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere: full-disclosure@lists.netsys.com

As before, it is described on our website. This should apply fairly cleanly to both portable and openbsd ssh. http://www.psc.edu/networking/hpn-ssh/ Only in openssh-3.8.1p1-dynwindow: Makefile diff -u openssh-3.8.1p1/buffer.c openssh-3.8.1p1-dynwindow/buffer.c --- openssh-3.8.1p1/buffer.c 2003-11-21 07:56:47.000000000 -0500 +++ openssh-3.8.1p1-dynwindow/buffer.c 2004-07-12 07:49:29.000000000

OK, an official OpenSSH advisory was released, see here: <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be applied to the security branches as well today. Attached are patches: buffer46.patch -- For FreeBSD 4.6-RELEASE and later buffer45.patch -- For FreeBSD 4.5-RELEASE and

I have been trying to install 3.4p1 on a number of machines. Servers on ia64 Linux, i386 Linux and SPARC Solaris are all working like charms. On the other hand, I am having trouble at least with HPUX 11, DEC OSF 5.1 and Unixware: on all those systems, sshd bails out after authentication with an error in buffer_append_space. Here is the output of sshd -d on the UnixWare machine (uname -a:

http://bugzilla.mindrot.org/show_bug.cgi?id=1286 Summary: SFTP keeps reading input until it runs out of buffer space Product: Portable OpenSSH Version: v4.5p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2 Component: sftp

On 11 May 2017 at 12:16, Patrick Perry wrote: | I've done a bit more investigation into this issue. Here is my current | understanding of the situation: | | 1. I have a package on CRAN (corpus-0.3.1) that passes tests on all | platforms except for Linux. | 2. My package defines a C function, "xrealloc", for internal use. | 3. The libreadline library that R links to defines a

I have a package on CRAN now (corpus-0.3.1) that is currently failing tests on Linux, but passing on all other architectures: https://cran.r-project.org/web/checks/check_results_corpus.html I believe that the issue arrises from a namespace class between "xrealloc", which my package provides for internal use, but which R also seems to provide (possibly as part of TRE in

Commit-ID: cf9ea962f1fb310a92efd184f14df2c04b30f75a Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=cf9ea962f1fb310a92efd184f14df2c04b30f75a Author: Jim Meyering <meyering at redhat.com> AuthorDate: Fri, 8 Jul 2011 16:12:20 +0800 Committer: maximilian attems <max at stro.at> CommitDate: Mon, 2 Jul 2012 10:44:23 +0200 [klibc] [MEMALLOC] Avoid gcc warning:

Commit-ID: 21ceb151c758eb2384962b9ee8abc33b5bd674e9 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=21ceb151c758eb2384962b9ee8abc33b5bd674e9 Author: Herbert Xu <herbert at gondor.apana.org.au> AuthorDate: Thu, 31 May 2018 01:51:48 +0800 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 28 Mar 2020 21:42:55 +0000 [klibc] dash: memalloc: Avoid

Hi, I'm not a programmer nor able to fully understand the code of openssh in detail - hence my question here. Out of curiosity I was looking at the patch for CVE-2002-0083 and tried to understand what the actual problem is, but failed: --- channels_old.c?? ?Mon Mar? 4 02:07:06 2002 +++ channels.c?? ?Mon Mar? 4 02:07:16 2002 @@ -151,7 +151,7 @@ ?channel_lookup(int id) ?{ ??? ?Channel *c; -??

When I encounter the problem with TCP port forwarding locking up, I'll see this on the client window (if I haven't invoked ssh with -q): chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected This is with Blowfish encryption. I have to kill and restart the client when this happens. Phil

Commit-ID: 1df4e2a6786b049decbc6ab1683108da86479891 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=1df4e2a6786b049decbc6ab1683108da86479891 Author: Herbert Xu <herbert at gondor.apana.org.au> AuthorDate: Sat, 19 May 2018 02:39:46 +0800 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 28 Mar 2020 21:42:55 +0000 [klibc] dash: memalloc: Add

The box has a fairly heavy UDP load. Its RELENG_7 as of today and took 3hrs for it to dump core. Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0x68 fault code = supervisor read, page not present instruction pointer = 0x20:0xc0637146 stack pointer = 0x28:0xe766eaac frame pointer = 0x28:0xe766eb54 code segment

http://bugzilla.mindrot.org/show_bug.cgi?id=884 dmr at gmx.it changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|DSA keys (id_dsa.pub) with |DSA keys (id_dsa.pub) with |8192 bytes or more aren't |8192 bits or more aren't |correctly

http://bugzilla.mindrot.org/show_bug.cgi?id=1090 Summary: Increase MAX_SESSIONS? Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: cjwatson at debian.org

For some odd reason, one line was removed from the handling of ProxyCommand in readconf.c. As a result, ssh crashes on strlen(string) when it parses this option. --- readconf.c:X Mon Aug 6 23:35:52 2001 +++ readconf.c Wed Aug 15 16:11:44 2001 @@ -475,6 +475,7 @@ case oProxyCommand: charptr = &options->proxy_command; + string = xstrdup(""); while ((arg =

I just upgraded to OpenSSH 3.4p1 from 2.5.2p2 to take advantage of privilege separation. After installation, when a user tries to login he gets dropped almost immediately. In the server's /var/log/messages: Jun 26 20:15:04 sclp3 sshd[6433]: Accepted password for jason from 128.165.148.66 port 41871 ssh2 Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size