fyi:

> Date: Sat, 4 Dec 1999 17:45:20 -0500
> Sender: Bugtraq List <[EMAIL PROTECTED]>
> From: Niels Provos <[EMAIL PROTECTED]>
> Subject: Re: Security Advisory: Buffer overflow in RSAREF2
> To: [EMAIL PROTECTED]
> In-Reply-To: Gerardo Richarte, Thu, 02 Dec 1999 16:50:46 -0300
> 
> In message <[EMAIL PROTECTED]>, Gerardo Richarte writes:
> >     To make this clear: in combination with the buffer overflow in rsaglue.c
> > this makes possible to get a remote shell on a machine running sshd AND it
> > also makes possible to use a reverse exploit to gain access on clients'
> > machines, using malicious sshd.
> 
> I fear that this posting should have been even clearer.
> To sum the problem up more clearly:
> 
> ssh-1.2.27 (if compiled with RSAREF2) is vulnerable.  Attackers can
> obtain a shell on the machine running sshd.  The exploit uses buffer
> overflows in the RSAREF2 implementation AND in the rsaglue.c file in
> ssh-1.2.27.  I am surprised that there wasn't a bigger outrage on the
> mailing list about this, it is quite serious!!!
> 
> On the other hand, OpenSSH is not vulnerable to this remote exploit.
> Since rsaglue.c was rewritten, OpenSSH does stricter parameter
> checking than ssh-1.2.27 and these recent problems in ssh-1.2.27 did
> NOT affect OpenSSH.
> 
> Nonetheless, OpenSSH users in the USA that use OpenSSL compiled with
> RSAREF2 should update their ssl library (since isakmpd or httpd may be
> affected), see previous postings on Bugtraq, and
> http://www.openbsd.org/errata.html#sslUSA
> 
> Another thing is worth mentioning, RSA could use the buffer overflow
> in RSAREF2 to scan machines in the USA for RSA license violation.  For
> example, sshds that do not use RSAREF2 will behave differently than
> those that do.
> 
> Information on OpenSSH can be found at http://www.openssh.com/
> Information on OpenSSL can be found at http://www.openssl.org/
> 
