OpenSSH Buffer Mismanagement Vulnerabilities

A buffer-mismanagement vulnerability has been reported in OpenSSH. This issue resides in the 'buffer.c' source file and may potentially be exploited to execute arbitrary code with the privileges of OpenSSH, but this has not been confirmed. The issue may cause a denial of service. This condition can reportedly be triggered by an overly large packet.

There are also unconfirmed rumors of an exploit for this vulnerability circulating in the wild.

OpenSSH has revised their advisory, pointing out a similar issue in the 'channels.c' source file and an additional issue in 'buffer.c'. Solar Designer has also reportedly pointed out additional instances of the problem that may also present vulnerabilities.


Privacy Statement
Copyright 2010, SecurityFocus