Displaying 20 results from an estimated 700 matches similar to: "OpenSSH Security Advisory: buffer.adv"
2003 Sep 16
5
OpenSSH Security Advisory: buffer.adv
This is the 1st revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/buffer.adv
1. Versions affected:
All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
fixed proactively.
2. Solution:
Upgrade to OpenSSH
2003 Sep 16
1
[alambert@quickfire.org: Heads up -- potential problems in 3.7, too? [Fwd: OpenSSH Security Advisory: buffer.adv]]
Is anybody aware of this?
-hc
----- Forwarded message from Alex Lambert <alambert@quickfire.org> -----
3.7.1 was just released.
Two patches for similar issues in a very short timeframe. Who do they
think they are -- Microsoft? <grin>
apl
-------- Original Message --------
Subject: OpenSSH Security Advisory: buffer.adv
Date: Wed, 17 Sep 2003 01:13:30 +0200
From: Markus Friedl
2004 Jul 07
3
DynamicWindow Patch
We have developed a patch that enables changing the SSH window size
using the tcp window size as the source. This allows SSH to obtain
maximum use of the bandwidth on high BDP links.
We also have a page that describes the changes and performance.
http://www.psc.edu/~rapier/hpn-ssh/
The patch against CVS is included here.
Common subdirectories: src/usr.bin/ssh/CVS and ssh/CVS
diff -u
2003 Sep 15
1
Fwd: Re: [Full-Disclosure] new ssh exploit?
Has anyone around here heard of this ?
---Mike
>Subject: Re: [Full-Disclosure] new ssh exploit?
>From: christopher neitzert <chris@neitzert.com>
>Reply-To: chris@neitzert.com
>To: full-disclosure@lists.netsys.com
>X-Mailer: Ximian Evolution 1.4.3.99
>Sender: full-disclosure-admin@lists.netsys.com
>X-BeenThere: full-disclosure@lists.netsys.com
2004 Jul 14
1
New dynamic window patch (with limits)
As before, it is described on our website. This should apply fairly
cleanly to both portable and openbsd ssh.
http://www.psc.edu/networking/hpn-ssh/
Only in openssh-3.8.1p1-dynwindow: Makefile
diff -u openssh-3.8.1p1/buffer.c openssh-3.8.1p1-dynwindow/buffer.c
--- openssh-3.8.1p1/buffer.c 2003-11-21 07:56:47.000000000 -0500
+++ openssh-3.8.1p1-dynwindow/buffer.c 2004-07-12 07:49:29.000000000
2003 Sep 16
9
OpenSSH heads-up
OK, an official OpenSSH advisory was released, see here:
<URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html >
The fix is currently in FreeBSD -CURRENT and -STABLE. It will be
applied to the security branches as well today. Attached are patches:
buffer46.patch -- For FreeBSD 4.6-RELEASE and later
buffer45.patch -- For FreeBSD 4.5-RELEASE and
2002 Jul 01
3
3.4p1: 'buffer_append_space: alloc 10506240 not supported'
I have been trying to install 3.4p1 on a number of machines.
Servers on ia64 Linux, i386 Linux and SPARC Solaris are all working
like charms. On the other hand, I am having trouble at least with
HPUX 11, DEC OSF 5.1 and Unixware: on all those systems, sshd bails
out after authentication with an error in buffer_append_space.
Here is the output of sshd -d on the UnixWare machine
(uname -a:
2007 Feb 18
8
[Bug 1286] SFTP keeps reading input until it runs out of buffer space
http://bugzilla.mindrot.org/show_bug.cgi?id=1286
Summary: SFTP keeps reading input until it runs out of buffer
space
Product: Portable OpenSSH
Version: v4.5p1
Platform: All
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: sftp
2017 May 11
1
xrealloc namespace conflict
On 11 May 2017 at 12:16, Patrick Perry wrote:
| I've done a bit more investigation into this issue. Here is my current
| understanding of the situation:
|
| 1. I have a package on CRAN (corpus-0.3.1) that passes tests on all
| platforms except for Linux.
| 2. My package defines a C function, "xrealloc", for internal use.
| 3. The libreadline library that R links to defines a
2017 May 06
2
xrealloc namespace conflict
I have a package on CRAN now (corpus-0.3.1) that is currently failing
tests on Linux, but passing on all other architectures:
https://cran.r-project.org/web/checks/check_results_corpus.html
I believe that the issue arrises from a namespace class between
"xrealloc", which my package provides for internal use, but which R also
seems to provide (possibly as part of TRE in
2012 Jul 02
0
[klibc:master] [MEMALLOC] Avoid gcc warning: variable ' oldstackp' set but not used
Commit-ID: cf9ea962f1fb310a92efd184f14df2c04b30f75a
Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=cf9ea962f1fb310a92efd184f14df2c04b30f75a
Author: Jim Meyering <meyering at redhat.com>
AuthorDate: Fri, 8 Jul 2011 16:12:20 +0800
Committer: maximilian attems <max at stro.at>
CommitDate: Mon, 2 Jul 2012 10:44:23 +0200
[klibc] [MEMALLOC] Avoid gcc warning:
2020 Mar 28
0
[klibc:update-dash] dash: memalloc: Avoid looping in growstackto
Commit-ID: 21ceb151c758eb2384962b9ee8abc33b5bd674e9
Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=21ceb151c758eb2384962b9ee8abc33b5bd674e9
Author: Herbert Xu <herbert at gondor.apana.org.au>
AuthorDate: Thu, 31 May 2018 01:51:48 +0800
Committer: Ben Hutchings <ben at decadent.org.uk>
CommitDate: Sat, 28 Mar 2020 21:42:55 +0000
[klibc] dash: memalloc: Avoid
2014 Dec 30
2
CVE-2002-0083 - whats the problem? beginners question
Hi,
I'm not a programmer nor able to fully understand the code of openssh in detail - hence my question here.
Out of curiosity I was looking at the patch for CVE-2002-0083 and tried to understand what the actual problem is, but failed:
--- channels_old.c?? ?Mon Mar? 4 02:07:06 2002
+++ channels.c?? ?Mon Mar? 4 02:07:16 2002
@@ -151,7 +151,7 @@
?channel_lookup(int id)
?{
??? ?Channel *c;
-??
2000 Jan 07
2
possible clue on tcp forwarding problems
When I encounter the problem with TCP port forwarding locking up, I'll
see this on the client window (if I haven't invoked ssh with -q):
chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected
chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected
This is with Blowfish encryption. I have to kill and restart the client
when this happens.
Phil
2020 Mar 28
0
[klibc:update-dash] dash: memalloc: Add growstackto helper
Commit-ID: 1df4e2a6786b049decbc6ab1683108da86479891
Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=1df4e2a6786b049decbc6ab1683108da86479891
Author: Herbert Xu <herbert at gondor.apana.org.au>
AuthorDate: Sat, 19 May 2018 02:39:46 +0800
Committer: Ben Hutchings <ben at decadent.org.uk>
CommitDate: Sat, 28 Mar 2020 21:42:55 +0000
[klibc] dash: memalloc: Add
2009 Apr 21
4
RELENG_7 crash
The box has a fairly heavy UDP load. Its RELENG_7 as of today and
took 3hrs for it to dump core.
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x68
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0637146
stack pointer = 0x28:0xe766eaac
frame pointer = 0x28:0xe766eb54
code segment
2004 Jun 23
8
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884
dmr at gmx.it changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|DSA keys (id_dsa.pub) with |DSA keys (id_dsa.pub) with
|8192 bytes or more aren't |8192 bits or more aren't
|correctly
2005 Sep 23
7
[Bug 1090] Increase MAX_SESSIONS?
http://bugzilla.mindrot.org/show_bug.cgi?id=1090
Summary: Increase MAX_SESSIONS?
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: cjwatson at debian.org
2001 Aug 15
1
ProxyCommand broken in SNAP-20010814
For some odd reason, one line was removed from the handling of
ProxyCommand in readconf.c. As a result, ssh crashes on strlen(string)
when it parses this option.
--- readconf.c:X Mon Aug 6 23:35:52 2001
+++ readconf.c Wed Aug 15 16:11:44 2001
@@ -475,6 +475,7 @@
case oProxyCommand:
charptr = &options->proxy_command;
+ string = xstrdup("");
while ((arg =
2002 Jun 27
3
UsePrivilegeSeparation: "fatal: xrealloc: out of memory"
I just upgraded to OpenSSH 3.4p1 from 2.5.2p2 to take advantage of
privilege separation. After installation, when a user tries to login
he gets dropped almost immediately. In the server's
/var/log/messages:
Jun 26 20:15:04 sclp3 sshd[6433]: Accepted password for jason from 128.165.148.66 port 41871 ssh2
Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size