OpenSSH Channel Code Off-By-One Vulnerability

Solution:
A patch has been provided by the OpenSSH team:

diff -u -r1.170 -r1.171
--- channels.c 27 Feb 2002 21:23:13 -0000 1.170
+++ channels.c 4 Mar 2002 19:37:58 -0000 1.171
@@ -146,7 +146,7 @@
{
Channel *c;

- if (id < 0 || id > channels_alloc) {
+ if (id < 0 || id >= channels_alloc) {
log("channel_lookup: %d: bad id", id);
return NULL;
}

Updated versions are available.

Please see the references for more information.


OpenSSH OpenSSH 2.1

OpenSSH OpenSSH 2.1.1

OpenSSH OpenSSH 2.2

OpenSSH OpenSSH 2.3

OpenSSH OpenSSH 2.5

OpenSSH OpenSSH 2.5.1

OpenSSH OpenSSH 2.5.2

OpenSSH OpenSSH 2.9

OpenSSH OpenSSH 2.9 p1

OpenSSH OpenSSH 2.9 p2

OpenSSH OpenSSH 2.9.9

OpenSSH OpenSSH 3.0.1

OpenSSH OpenSSH 3.0.2 p1

OpenSSH OpenSSH 3.0.2


 

Privacy Statement
Copyright 2010, SecurityFocus