[3653] in bugtraq
ssh w/ solaris 2.5.[1]
daemon@ATHENA.MIT.EDU (Aleph One)
Wed Nov 20 04:08:56 1996
Date: Mon, 18 Nov 1996 18:23:32 -0600
Reply-To: Aleph One <aleph1@dfw.net>
From: Aleph One <aleph1@dfw.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
It seems that ssh is also affected by the Solaris nsl lib hole. Simply
change execl() to run ssh and you're root.
Here is a quick unofficial patch to fix ssh-1.2.17. I've yet to look into
sshd.
*** ssh.c.orig Tue Oct 29 20:27:54 1996
--- ssh.c Mon Nov 18 13:32:42 1996
***************
*** 604,609 ****
--- 604,614 ----
if (options.hostname != NULL)
host = options.hostname;
+ if (strlen(host) > 512) {
+ printf("Invalid hostname.\n");
+ exit(-1);
+ }
+
/* Disable rhosts authentication if not running as root. */
if (original_effective_uid != 0)
{
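Review bot: The bound in "if (strlen(host) > 512)" is an unexplained magic number and the added lines carry no comment saying why the hostname length is limited here; give the limit a named constant and a comment stating that it guards the hostname lookup against the Solaris nsl library overflow. The error message is written with printf to stdout and the process exits with -1 (status 255), so a diagnostic on stderr with fprintf(stderr, ...) and exit(1) would be more conventional. The check covers only the host value in ssh.c after options.hostname has been applied, so any other place that passes a user-supplied hostname to the resolver is not protected by this hunk.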
BTW, the exploit won't work on machines other than sun4m's.
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01