[25187] in bugtraq


OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable

daemon@ATHENA.MIT.EDU (Marcell Fodor)
Fri Apr 19 22:19:48 2002

Date: 19 Apr 2002 22:42:51 -0000
Message-ID: <20020419224251.1438.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Marcell Fodor <m.fodor@mail.datanet.hu>
To: bugtraq@securityfocus.com



effect:
	local root

vulnerable services:

	-pass Kerberos IV TGT
	-pass AFS Token 

bug details:

	radix.c
	GETSTRING macro in radix_to_creds function may cause buffer overflow.
	affected buffers:
	
	    creds->service
	    creds->instance
	    creds->realm
	    creds->pinst

exploit code here: mantra.freeweb.hu
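
Added example (not part of the original post and not OpenSSH code): a bounds-checked way to read the four string fields named above from a decoded buffer. It assumes the fields arrive as consecutive NUL-terminated strings copied into fixed-size arrays; FIELD_SZ, struct creds_fields, get_string and parse_creds_fields are hypothetical names, and the field order simply follows the list in the post.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_SZ 40  /* assumed field size for this sketch, not from the post */

/* Stand-in for the credential fields the post lists as affected. */
struct creds_fields {
    char service[FIELD_SZ];
    char instance[FIELD_SZ];
    char realm[FIELD_SZ];
    char pinst[FIELD_SZ];
};

/* Copy one NUL-terminated string from the input into dst and advance
 * the cursor past its NUL. Returns -1 if the input has no terminator
 * or the string (with its NUL) does not fit in dst. */
static int get_string(const unsigned char **p, const unsigned char *end,
                      char *dst, size_t dst_sz)
{
    size_t remaining = (size_t)(end - *p);
    const unsigned char *nul = memchr(*p, '\0', remaining);
    size_t len;

    if (nul == NULL)
        return -1;              /* unterminated: would read past the input */
    len = (size_t)(nul - *p);
    if (len >= dst_sz)
        return -1;              /* too long: would overflow the field */
    memcpy(dst, *p, len + 1);
    *p = nul + 1;
    return 0;
}

/* Parse the four fields; reject the whole input on the first bad field. */
int parse_creds_fields(const unsigned char *buf, size_t len,
                       struct creds_fields *out)
{
    const unsigned char *p = buf, *end = buf + len;

    memset(out, 0, sizeof(*out));
    if (get_string(&p, end, out->service, sizeof(out->service)) ||
        get_string(&p, end, out->instance, sizeof(out->instance)) ||
        get_string(&p, end, out->realm, sizeof(out->realm)) ||
        get_string(&p, end, out->pinst, sizeof(out->pinst)))
        return -1;
    return 0;
}
```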
