* [gentoo-dev] openssh exploit
@ 2003-09-16 13:22 Mishael A Sibiryakov
2003-09-16 13:32 ` Mike Frysinger
0 siblings, 1 reply; 6+ messages in thread
From: Mishael A Sibiryakov @ 2003-09-16 13:22 UTC (permalink / raw
To: Gentoo Dev
Look at this:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
you can see the 2 bugs in this code?, seems to of me that theo could
not. i am of understanding that there are exploits working on this in
the wild. 3 remote holes in default install now !
hahaha
void *
buffer_append_space(Buffer *buffer, u_int len)
{
void *p;
if (len > 0x100000)
fatal("buffer_append_space: len %u not supported", len);
/* If the buffer is empty, start using it from the beginning.
*/
if (buffer->offset == buffer->end) {
buffer->offset = 0;
buffer->end = 0;
}
restart:
/* If there is enough space to store all data, store it now.
*/
if (buffer->end + len < buffer->alloc) {
p = buffer->buf + buffer->end;
buffer->end += len;
return p;
}
/*
* If the buffer is quite empty, but all data is at the end,
move the
* data to the beginning and retry.
*/
if (buffer->offset > buffer->alloc / 2) {
memmove(buffer->buf, buffer->buf + buffer->offset,
buffer->end - buffer->offset);
buffer->end -= buffer->offset;
buffer->offset = 0;
goto restart;
}
/* Increase the size of the buffer and retry. */
buffer->alloc += len + 32768;
if (buffer->alloc > 0xa00000)
fatal("buffer_append_space: alloc %u not supported",
buffer->alloc);
buffer->buf = xrealloc(buffer->buf, buffer->alloc);
goto restart;
/* NOTREACHED */
}
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3
wkYEARECAAYFAj9mSqAACgkQO4YmZKj9rSu4mQCeMS8jvadKaKO01kAwl3Ykwirr9ZEA
oLOwzsupmVKP+z1R/5OSlu8NHngf
=c0bi
-----END PGP SIGNATURE-----
and
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h
and
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
File:openssh-3.7p1-vs-openbsd.diff.gz 360 KB 16.09.2003 05:00:00
File:openssh-3.7p1.tar.gz 773 KB 16.09.2003 05:00:00
File:openssh-3.7p1.tar.gz.sig 1 KB 16.09.2003 05:00:00
Someone do anything ? Like a new ebuild
--
Time : 19:20:17-16:09:2003
NP : 18 Linkin Park - Kyur4 The Ich-chairman Hahn
SysStat : 19:20:17 up 14 days, 11:01, 2 users, load average: 0.44, 0.37,
0.39
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] openssh exploit
2003-09-16 13:22 [gentoo-dev] openssh exploit Mishael A Sibiryakov
@ 2003-09-16 13:32 ` Mike Frysinger
2003-09-16 13:39 ` Mishael A Sibiryakov
0 siblings, 1 reply; 6+ messages in thread
From: Mike Frysinger @ 2003-09-16 13:32 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 190 bytes --]
On Tuesday 16 September 2003 09:22, Mishael A Sibiryakov wrote:
> Someone do anything ? Like a new ebuild
already been reported twice now
http://bugs.gentoo.org/show_bug.cgi?id=28873
-mike
[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 827 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] openssh exploit
2003-09-16 13:32 ` Mike Frysinger
@ 2003-09-16 13:39 ` Mishael A Sibiryakov
2003-09-16 13:44 ` Mike Frysinger
0 siblings, 1 reply; 6+ messages in thread
From: Mishael A Sibiryakov @ 2003-09-16 13:39 UTC (permalink / raw
To: gentoo-dev
В Втр, 16.09.2003, в 19:32, Mike Frysinger пишет:
> On Tuesday 16 September 2003 09:22, Mishael A Sibiryakov wrote:
> > Someone do anything ? Like a new ebuild
>
> already been reported twice now
> http://bugs.gentoo.org/show_bug.cgi?id=28873
> -mike
How about new 3.7 openssh ebuild ?
--
Time : 19:35:12-16:09:2003
NP : Paul Van Dyk (Berlin) - Live at Love Parade 2001
SysStat : 19:35:12 up 14 days, 11:16, 2 users, load average: 0.28, 0.20,
0.26
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] openssh exploit
2003-09-16 13:39 ` Mishael A Sibiryakov
@ 2003-09-16 13:44 ` Mike Frysinger
2003-09-16 13:49 ` Mishael A Sibiryakov
2003-09-16 14:11 ` Mishael A Sibiryakov
0 siblings, 2 replies; 6+ messages in thread
From: Mike Frysinger @ 2003-09-16 13:44 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 309 bytes --]
On Tuesday 16 September 2003 09:39, Mishael A Sibiryakov wrote:
> How about new 3.7 openssh ebuild ?
how about you try making one ? ;)
the current ebuild seems to be insufficient ... i encountered errors about
missing gss.h headers ...
dont really have time to debug it, i've got class now :p
-mike
[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 827 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] openssh exploit
2003-09-16 13:44 ` Mike Frysinger
@ 2003-09-16 13:49 ` Mishael A Sibiryakov
2003-09-16 14:11 ` Mishael A Sibiryakov
1 sibling, 0 replies; 6+ messages in thread
From: Mishael A Sibiryakov @ 2003-09-16 13:49 UTC (permalink / raw
To: gentoo-dev
В Втр, 16.09.2003, в 19:44, Mike Frysinger пишет:
> On Tuesday 16 September 2003 09:39, Mishael A Sibiryakov wrote:
> > How about new 3.7 openssh ebuild ?
>
> how about you try making one ? ;)
> the current ebuild seems to be insufficient ... i encountered errors about
> missing gss.h headers ...
> dont really have time to debug it, i've got class now :p
> -mike
I try to do this in two hours :)
--
Time : 19:48:54-16:09:2003
NP : Oasis - Little By Little
SysStat : 19:48:54 up 14 days, 11:30, 2 users, load average: 0.40, 0.37,
0.32
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-dev] openssh exploit
2003-09-16 13:44 ` Mike Frysinger
2003-09-16 13:49 ` Mishael A Sibiryakov
@ 2003-09-16 14:11 ` Mishael A Sibiryakov
1 sibling, 0 replies; 6+ messages in thread
From: Mishael A Sibiryakov @ 2003-09-16 14:11 UTC (permalink / raw
To: gentoo-dev
I've been download this file:
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz
and building openssh without any patch. Gcc version is "gcc version
3.3.1 20030904 (Gentoo Linux 3.3.1-r1, propolice)"
>>> net-misc/openssh-3.7_p1 merged.
>>> clean: No packages selected for removal.
>>> Regenerating /etc/ld.so.cache...
>>> Auto-cleaning packages ...
>>> No outdated packages were found on your system.
* GNU info directory index is up-to-date.
* IMPORTANT: 2 config files in /etc need updating.
* Type emerge --help config to learn how to update config files.
This ebuild is working perfectly :)
junki openssh # cat openssh-3.7_p1.ebuild
inherit eutils
IUSE="ipv6 static pam tcpd kerberos selinux"
PARCH=${P/_/}
S=${WORKDIR}/${PARCH}
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.com/"
SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz"
RDEPEND="virtual/glibc
pam? ( >=sys-libs/pam-0.73 >=sys-apps/shadow-4.0.2-r2 )
kerberos? ( app-crypt/mit-krb5 )
selinux? ( sys-apps/selinux-small )
>=dev-libs/openssl-0.9.6d
sys-libs/zlib"
DEPEND="${RDEPEND}
dev-lang/perl
sys-apps/groff
tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
SLOT="0"
LICENSE="as-is"
KEYWORDS="x86 ppc sparc alpha mips hppa arm amd64"
src_unpack() {
unpack ${PARCH}.tar.gz
cd ${S}
}
src_compile() {
local myconf
use tcpd || myconf="${myconf} --without-tcp-wrappers"
use tcpd && myconf="${myconf} --with-tcp-wrappers"
use pam || myconf="${myconf} --without-pam"
use pam && myconf="${myconf} --with-pam"
use ipv6 || myconf="${myconf} --with-ipv4-default"
use kerberos && myconf="${myconf} --with-kerberos5"
if [ ! -z $KTH_KRB ]; then
myconf="${myconf} --with-kerberos4=/usr/athena"
fi
use selinux && CFLAGS="${CFLAGS} -DWITH_SELINUX"
./configure \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--mandir=/usr/share/man \
--libexecdir=/usr/lib/misc \
--datadir=/usr/share/openssh \
--disable-suid-ssh \
--with-privsep-path=/var/empty \
--with-privsep-user=sshd \
--with-md5-passwords \
--host=${CHOST} ${myconf} || die "bad configure"
if [ "`use static`" ]
then
# statically link to libcrypto -- good for the boot cd
perl -pi -e "s|-lcrypto|/usr/lib/libcrypto.a|g" Makefile
fi
if [ "`use selinux`" ]
then
#add -lsecure
sed "s:LIBS=\(.*\):LIBS=\1 -lsecure:" < Makefile >
Makefile.new
mv Makefile.new Makefile
fi
emake || die "compile problem"
}
src_install() {
make install-files DESTDIR=${D} || die
chmod 600 ${D}/etc/ssh/sshd_config
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
insinto /etc/pam.d ; newins ${FILESDIR}/sshd.pam sshd
exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
touch ${D}/var/empty/.keep
}
pkg_preinst() {
userdel sshd 2> /dev/null
if ! groupmod sshd; then
groupadd -g 90 sshd 2> /dev/null || \
die "Failed to create sshd group"
fi
useradd -u 22 -g sshd -s /dev/null -d /var/empty -c "sshd" sshd
|| \
die "Failed to create sshd user"
}
pkg_postinst() {
install -d -m0755 -o root -g root ${ROOT}/var/empty
if use pam >/dev/null 2>&1; then
einfo "Please be aware users need a valid shell in
/etc/passwd"
einfo "in order to be allowed to login."
einfo
fi
}
junki openssh #
--
Time : 20:07:41-16:09:2003
NP : Enigma (Radio Edit) - Principles Of Lust
SysStat : 20:07:41 up 14 days, 11:49, 2 users, load average: 2.82, 2.07,
1.20
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2003-09-16 14:11 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-09-16 13:22 [gentoo-dev] openssh exploit Mishael A Sibiryakov
2003-09-16 13:32 ` Mike Frysinger
2003-09-16 13:39 ` Mishael A Sibiryakov
2003-09-16 13:44 ` Mike Frysinger
2003-09-16 13:49 ` Mishael A Sibiryakov
2003-09-16 14:11 ` Mishael A Sibiryakov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox