Bug in ssh client (open ssh 2.3.0)
hi, When Michal Zalewski found bug in ssh, most people tried to reinstall their ssh. They usualy install openssh 2.3.0 or higher, or ssh2.com Well, it could not be the best fix using openssh client 2.3.0p1 (i dont check other ver.). I've compile it from sources, so look at it: mezon@ania:~$whereis ssh ssh: /usr/local/bin/ssh mezon@ania:~$ls -al /usr/local/bin/ssh -rws--x--x 1 root root 663364 Feb 8 14:48 /usr/local/bin/ssh* mezon@ania:~$ssh mezon@ania mezon@ania's password: Segmentation fault mezon@ania:~$ When it crash? heh, there must be some conditions: 1. on my host : mist be typed "ssh -l mezon ania" or ssh mezon@ania (When using full ip or address it will not segv) 2. when password prompted, You will have to type some chars, then press BACKSPACE button , and next ENTER Ssh client is suid, so it could be real problem. Must check source... Mezon -- Tomasz Kuzniar [EMAIL PROTECTED] * Polska Platforma Internetowa * ~ ~ ~ "Wioska zabita dechami - Village killed by desks"
Re: SuSe / Debian man package format string vulnerability
On Wed, Jan 31, 2001 at 02:22:01PM -, Joao Gouveia wrote: : The man package that ships with SuSe Linux ( at least versions 6.1 throught : 7.0 ) has a format string vulnerability. Also debian 2.2r2 ( at least ), is : confirmed to have the same problem. : : quote : jroberto@spike:~ man -l %x%x%x%x : man: 4000bc7438049af00: No such file or directory : /quote The same problem in most (all?) distributions is with m4 - GNU macro processor code, when trying use -G option: mezon@beata:~$ m4 -G %x%x%x%x m4: 40012a48380491e00: No such file or directory -- Tomasz Kuzniar [EMAIL PROTECTED] * Polska Platforma Internetowa * ~ ~ ~ "Wyjsc na ludzi - Go out on people"
String vun. in m4 macro processor (same as in man)
Hi, bug same as provious in man on debian (suse also?). Just look: mezon@beata$ m4 -G %x%x%x%x m4: 40012a48380491e00: No such file or directory mezon@beata$ or mezon@beata$ m4 -G %p m4: 0x40012a48: No such file or directory -- Tomasz Kuzniar [EMAIL PROTECTED] * Polska Platforma Internetowa * ~ ~ ~ "Chuj mnie to obchodzi - Penis is walking around me"
