[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gsi-openssh] [ANNOUNCE] GSI-OpenSSH 2.7 Released - Security Fix Included

To: <gsi-openssh@globus.org>
Subject: [gsi-openssh] [ANNOUNCE] GSI-OpenSSH 2.7 Released - Security Fix Included
From: "Chase Phillips" <cmp@uiuc.edu>
Date: Tue, 16 Sep 2003 15:51:50 -0500
Importance: Normal
Sender: owner-gsi-openssh@globus.org

The GSI-OpenSSH development team announces the release of version 2.7 of
the GSI-Enabled OpenSSH software distribution.  GSI-OpenSSH 2.7 is based
on OpenSSH 3.6.1p2 and NCSA's latest GSI patch for that version of
OpenSSH.  A summary of the major changes found in this version is given
at the end of this document.

GSI-OpenSSH 2.7 is available for download from

  <ftp://ftp.ncsa.uiuc.edu/aces/gssapi-openssh/bundle/2.7/>

For installation instructions, please see

  <http://grid.ncsa.uiuc.edu/ssh/install.html>

We appreciate your feedback and help in testing this version.  Please
use our bugzilla system to report GSI-OpenSSH bugs to the GSI-OpenSSH
team.  This bugzilla system is located at:

   <https://bugzilla.ncsa.uiuc.edu/index.cgi>

GSI-OpenSSH 2.7 Major changes

   Security fixes

      * Incorporate buffer.c patch for recent vulnerability announced by
OpenSSH team. [1]

   Bugs fixed

      * Fix broken ssh-keysign for hostbased authentication

Chase Phillips
--
     Systems Programmer, NSM/GST, NCSA ][ -111--0010-0-1100-10
 <http://www.ncsa.uiuc.edu/~cphillip/> ][ 00-00-01-10--1-00-01

1. "OpenSSH Security Advisory: buffer.adv", Markus Friedl,
http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/00
0063.html

[openssh-unix-announce] OpenSSH Security Advisory: buffer.adv

This is the 1st revision of the Advisory.

This document can be found at:  http://www.openssh.com/txt/buffer.adv

1. Versions affected:

        All versions of OpenSSH's sshd prior to 3.7 contain a buffer
        management error.  It is uncertain whether this error is
        potentially exploitable, however, we prefer to see bugs
        fixed proactively.

2. Solution:

	Upgrade to OpenSSH 3.7 or apply the following patch.

Appendix:

Index: buffer.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/buffer.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- buffer.c	26 Jun 2002 08:54:18 -0000	1.16
+++ buffer.c	16 Sep 2003 03:03:47 -0000	1.17
@@ -69,6 +69,7 @@
 void *
 buffer_append_space(Buffer *buffer, u_int len)
 {
+	u_int newlen;
 	void *p;
 
 	if (len > 0x100000)
@@ -98,11 +99,13 @@
 		goto restart;
 	}
 	/* Increase the size of the buffer and retry. */
-	buffer->alloc += len + 32768;
-	if (buffer->alloc > 0xa00000)
+	
+	newlen = buffer->alloc + len + 32768;
+	if (newlen > 0xa00000)
 		fatal("buffer_append_space: alloc %u not supported",
-		    buffer->alloc);
-	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+		    newlen);
+	buffer->buf = xrealloc(buffer->buf, newlen);
+	buffer->alloc = newlen;
 	goto restart;
 	/* NOTREACHED */
 }

Prev by Date: Re: [gsi-openssh] gsiopenssh question
Next by Date: [gsi-openssh] GSSAPI bindings in openssh 3.7.x
Previous by thread: Re: [gsi-openssh] gsiopenssh question
Next by thread: [gsi-openssh] GSSAPI bindings in openssh 3.7.x
Index(es):
- Date
- Thread