[Nolug] More on the SSH vulnerability

From: Mark A. Hershberger <mah_at_everybody.org>
Date: Wed, 17 Sep 2003 13:07:25 -0500
Message-ID: <874qzb70gy.fsf@weblog.localhost>

http://www.cert.org/advisories/CA-2003-24.html
http://xforce.iss.net/xforce/alerts/id/144

(The ISS.net link is quite informative.)

Still can't find any information on or first-hand accounts of an
exploit. Note that this is not a "buffer overflow". Instead it is a
problem with the "general buffer management function".

The difference?

Generally, buffer overflows allow the person exploiting the
vulnerability to put arbitrary code on the stack for execution. In
this case, the problem is that, when overwriting sensitive data /on
the heap/, the buffer management code writes 0's too far out.

The key here is that the buffer being managed is on the heap. It is
my understanding that heap-based exploits are much more difficult than
stack-based ones.

Bottom line: you're probably looking at a DoS at the most.

Oh, and "UsePrivilegeSeparation yes" will help minimize the damage of
this sort of problem in the future.

Mark.
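An added example, not code from the post or from OpenSSH: a constructed model of the heap buffer pattern the post describes, a growable buffer that zeros its contents before freeing, written so the recorded allocation size can never exceed the memory it actually owns and the scrub therefore stays in bounds. The secbuf type, the fail_alloc parameter (used to simulate allocation failure) and the sample contents are assumptions for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not OpenSSH's buffer.c: a growable heap buffer that
 * scrubs itself with zeros before freeing, as code holding key material
 * should.  Invariant: `alloc` never exceeds the memory really owned, so the
 * scrub cannot write zeros past the end of the allocation. */
struct secbuf {
    unsigned char *buf;  /* heap storage, NULL until first reserve */
    size_t alloc;        /* bytes actually allocated */
    size_t len;          /* bytes in use */
};

/* Make room for `need` more bytes.  `fail_alloc` (assumed for this example)
 * simulates realloc failure, where ordering matters: obtain the memory first
 * and record the new size afterwards, so on failure the struct still
 * describes exactly the memory it owns. */
int secbuf_reserve(struct secbuf *b, size_t need, int fail_alloc) {
    size_t newalloc;
    unsigned char *p;
    if (need > SIZE_MAX - b->len) return -1;       /* size_t overflow */
    if (b->len + need <= b->alloc) return 0;       /* already fits */
    newalloc = b->len + need;
    p = fail_alloc ? NULL : realloc(b->buf, newalloc);
    if (p == NULL) return -1;                      /* alloc left unchanged */
    memset(p + b->alloc, 0, newalloc - b->alloc);  /* zero only the new tail */
    b->buf = p;
    b->alloc = newalloc;                           /* bookkeeping updated last */
    return 0;
}

int secbuf_append(struct secbuf *b, const void *data, size_t n) {
    if (secbuf_reserve(b, n, 0) != 0) return -1;
    memcpy(b->buf + b->len, data, n);
    b->len += n;
    return 0;
}

/* Scrub exactly the bytes owned, then release them. */
void secbuf_wipe_free(struct secbuf *b) {
    if (b->buf != NULL) memset(b->buf, 0, b->alloc);
    free(b->buf);
    b->buf = NULL; b->alloc = b->len = 0;
}
```

Start from a zeroed struct; the first reserve allocates via realloc(NULL, n).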

___________________
Nolug mailing list
nolug@nolug.org
Received on 09/17/03
