OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow

Marcell Fodor Fri, 19 Apr 2002 19:00:28 -0700


effect:
        local root

 vulnerable services:

        -pass Kerberos IV TGT
        -pass AFS Token 

bug details:

        radix.c
        GETSTRING macro in radix_to_creds 
function may cause buffer overflow.
        affected buffers:
        
            creds->service
            creds->instance
            creds->realm
            creds->pinst

exploit code here: mantra.freeweb.hu

OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow

Reply via email to