OpenSSH Channel Code Off-By-One Vulnerability Solution:
A patch has been provided by the OpenSSH team:
diff -u -r1.170 -r1.171
--- channels.c 27 Feb 2002 21:23:13 -0000 1.170
+++ channels.c 4 Mar 2002 19:37:58 -0000 1.171
@@ -146,7 +146,7 @@
{
Channel *c;
- if (id < 0 || id > channels_alloc) {
+ if (id < 0 || id >= channels_alloc) {
log("channel_lookup: %d: bad id", id);
return NULL;
}
Updated versions are available.
Please see the references for more information.
OpenSSH OpenSSH 2.1
OpenSSH OpenSSH 2.1.1
OpenSSH OpenSSH 2.2
OpenSSH OpenSSH 2.3
OpenSSH OpenSSH 2.5
OpenSSH OpenSSH 2.5.1
OpenSSH OpenSSH 2.5.2
OpenSSH OpenSSH 2.9
OpenSSH OpenSSH 2.9 p1
OpenSSH OpenSSH 2.9 p2
OpenSSH OpenSSH 2.9.9
OpenSSH OpenSSH 3.0.1
OpenSSH OpenSSH 3.0.2 p1
OpenSSH OpenSSH 3.0.2
