lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <13.19-4153-28424513-1215588658@stream.cz>
Date: Wed, 09 Jul 2008 09:30:59 +0200 (CEST)
From: mrdkaaa <mrdkaaa@...eam.cz>
To: full-disclosure@...ts.grok.org.uk
Subject: [MSA080709-001] OpenSSH Vulnerability

Mrdkaaa Security Advisory 080709-001

Package : OpenSSH
Date    : July 09, 2008


1. Details

[openssh-5.0p1/auth1.c]

   234  static void
   235  do_authloop(Authctxt *authctxt)

   345                          len = buffer_len(&loginmsg);
   346                          buffer_append(&loginmsg, "\0", 1);
   347                          msg = buffer_ptr(&loginmsg);

   354                          packet_disconnect(msg);


[openssh-5.0p1/packet.c]

  1377  void
  1378  packet_disconnect(const char *fmt,...)

  1392          va_start(args, fmt);
  1393          vsnprintf(buf, sizeof(buf), fmt, args);
  1394          va_end(args);


2. Analysis

  100% lame


3. Detection

  -rwsr-sr-x 1 root root 678832 2008-07-09 03:47 /tmp/sh
  root     pts/1    1.3.3.7          03:48    0.00s  0.00s  0.00s /tmp/sh


4. Pwnie Awards 2008

  To submit a nomination, visit the Pwnie Awards site at http://pwnie-awards.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ