[12607] in bugtraq
Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
daemon@ATHENA.MIT.EDU (Oystein Viggen)
Tue Nov 16 12:47:35 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <03so26g24n.fsf@colargol.tihlde.hist.no>
Date: Tue, 16 Nov 1999 11:30:16 +0100
Reply-To: Oystein Viggen <oysteivi@TIHLDE.ORG>
From: Oystein Viggen <oysteivi@TIHLDE.ORG>
X-To: Blue Boar <BlueBoar@THIEVCO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Blue Boar's message of "Sat, 13 Nov 1999 10:46:51 -0800"

Blue Boar wrote:
> <SNIP>
> Debian is immune for the (somewhat messy) reasons that they do not link
> ssh to rsaref, last time that I checked.
> <SNIP>

Does the fact that the international version of ssh from replay.com uses
"internal rsaref" instead of the "external rsaref" in the US version make
it immune to this attack too?

The version is, at least as far as I can see, not externally linked to any
rsaref library:

[oysteivi@colargol ~]$ ldd /usr/sbin/sshd1
        libz.so.1 => /usr/lib/libz.so.1 (0x40017000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40027000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x4003d000)
        libpam.so.0 => /lib/libpam.so.0 (0x4006a000)
        libdl.so.2 => /lib/libdl.so.2 (0x40072000)
        libutil.so.1 => /lib/libutil.so.1 (0x40075000)
        libc.so.6 => /lib/libc.so.6 (0x40078000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

(http://www.zedz.net/redhat/ssh.html to check it out for yourselves).
Oystein
--
"It's pudding time, children!"