lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: auto64746 at hushmail.com (auto64746@...hmail.com)
Subject: openssh remote exploit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

you can see the 2 bugs in this code?, seems to of me that theo could
not. i am of understanding that there are exploits working on this in
the wild. 3 remote holes in default install now !
hahaha

void *
buffer_append_space(Buffer *buffer, u_int len)
{
        void *p;

        if (len > 0x100000)
                fatal("buffer_append_space: len %u not supported", len);

        /* If the buffer is empty, start using it from the beginning.
*/
        if (buffer->offset == buffer->end) {
                buffer->offset = 0;
                buffer->end = 0;
        }
restart:
        /* If there is enough space to store all data, store it now.
*/
        if (buffer->end + len < buffer->alloc) {
                p = buffer->buf + buffer->end;
                buffer->end += len;
                return p;
        }
        /*
         * If the buffer is quite empty, but all data is at the end,
move the
         * data to the beginning and retry.
         */
        if (buffer->offset > buffer->alloc / 2) {
                memmove(buffer->buf, buffer->buf + buffer->offset,
                        buffer->end - buffer->offset);
                buffer->end -= buffer->offset;
                buffer->offset = 0;
                goto restart;
        }
        /* Increase the size of the buffer and retry. */
        buffer->alloc += len + 32768;
        if (buffer->alloc > 0xa00000)
                fatal("buffer_append_space: alloc %u not supported",
                    buffer->alloc);
        buffer->buf = xrealloc(buffer->buf, buffer->alloc);
        goto restart;
        /* NOTREACHED */
}
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9mSqAACgkQO4YmZKj9rSu4mQCeMS8jvadKaKO01kAwl3Ykwirr9ZEA
oLOwzsupmVKP+z1R/5OSlu8NHngf
=c0bi
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ