Re: libssh bugs found via fuzzing
- Subject: Re: libssh bugs found via fuzzing
- From: Andreas Schneider <mail@xxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 3 Sep 2009 23:02:24 +0200
- To: libssh@xxxxxxxxxx
- Cc: Laurent Butti <laurent.butti@xxxxxxxxxxxxxxxxxx>
On Thursday 03 September 2009 16:45:39 Jean Sigwald wrote:
> Hi,

Hi Laurent,

> We are security researchers working at Orange Labs. Our area of research
> is focused on vulnerability research with fuzzing techniques.

Thanks for doing the research. This is really appreciated.

> We found 3 issues in libssh 0.3.3 that can be used to crash the
> samplesshd server remotely:
> - missing NULL pointer check in crypt_set_algorithms_server

I've added the checks. Maybe we should look at this part soon and improve it.

> - integer overflow in buffer_get_data

I've fixed this too.

> - heap overflow in packet_decrypt, which seems to be caused by calling
> DES_ede3_cbc_encrypt with a length that is not a multiple of 8

This is strange. I have to look at openssl and talk to Aris about this problem.

Which version of openssl did you use?

Cheers,

-- 
andreas
Attachment:
signature.asc
Description: This is a digitally signed message part.
In reply to: libssh bugs found via fuzzing, Jean Sigwald <jean.sigwald@xxxxxxxxxxxxxxxxxx>
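The three bug classes reported in the quoted message (a length check that can be wrapped by integer overflow, a ciphertext length that is not a multiple of the CBC block size, and an algorithm lookup whose NULL result is never checked), each beside the check that closes it. This is an added example written for this page, not libssh's code or Andreas's fix: `struct rbuf`, `rbuf_get_data`, `try_read_sample`, `packet_decrypt_len`, `MAX_PACKET_LEN`, `find_cipher`, `set_server_cipher` and `struct session` are assumed names, the 16-byte sample buffer is constructed, and 35000 is assumed as the largest accepted packet (the minimum RFC 4253 requires an implementation to accept). The block-multiple rule itself is RFC 4253 section 6.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 1. Integer overflow in a length check (the buffer_get_data class).
 * Hypothetical read buffer, not libssh's own. Invariant: pos <= used. */
struct rbuf {
    const uint8_t *data;
    size_t used;   /* bytes present in data */
    size_t pos;    /* read cursor */
};

/* The unsafe check in isolation: pos + len is computed in 32-bit
 * arithmetic, so a huge attacker-chosen len wraps and the check "passes".
 * Returns 1 when the flawed check would allow the read. */
int naive_check_passes(uint32_t pos, uint32_t used, uint32_t len)
{
    uint32_t end = pos + len;   /* wraps modulo 2^32 */
    return end <= used;
}

/* Hardened read: compare len with the bytes remaining instead of adding,
 * so nothing can overflow. Returns 0 on success, -1 on a short request. */
int rbuf_get_data(struct rbuf *b, void *out, size_t len)
{
    if (b == NULL || out == NULL || b->pos > b->used)
        return -1;
    if (len > b->used - b->pos)     /* remaining bytes; cannot underflow */
        return -1;
    memcpy(out, b->data + b->pos, len);
    b->pos += len;
    return 0;
}

/* Constructed 16-byte sample with the cursor already at offset 4 (12 bytes
 * remain); returns rbuf_get_data's result for a read of len bytes. */
int try_read_sample(size_t len)
{
    static const uint8_t sample[16] = { 0, 0, 0, 12, 'p', 'a', 'y', 'l',
                                        'o', 'a', 'd', 0, 0, 0, 0, 0 };
    uint8_t out[16];
    struct rbuf b = { sample, sizeof sample, 4 };
    return rbuf_get_data(&b, out, len);
}

/* 2. Ciphertext length handed to a CBC cipher (the packet_decrypt class).
 * RFC 4253 s.6: packet_length (4 bytes) + padding_length + payload +
 * padding must be a multiple of the cipher block size (8 for 3des-cbc).
 * After the first block is decrypted to learn packet_length, the rest,
 * packet_length + 4 - blocksize bytes, must still be a block multiple.
 * Assumption: 35000 is the largest packet accepted (the RFC minimum). */
#define MAX_PACKET_LEN 35000u

/* Stores the number of bytes left to decrypt in *remaining and returns 0,
 * or returns -1 so a DES_ede3_cbc_encrypt-style call never sees a length
 * that is not a multiple of its block size. */
int packet_decrypt_len(uint32_t packet_length, size_t blocksize, size_t *remaining)
{
    size_t total;
    if (remaining == NULL || blocksize == 0) return -1;
    if (packet_length < 5 || packet_length > MAX_PACKET_LEN) return -1;
    total = (size_t)packet_length + 4;      /* cannot overflow: at most 35004 */
    if (total % blocksize != 0 || total < blocksize) return -1;
    *remaining = total - blocksize;
    return 0;
}

/* 3. Missing NULL check on algorithm selection (the
 * crypt_set_algorithms_server class). Constructed table of standard
 * SSH cipher names; the lookup returns NULL for anything else. */
struct cipher_desc { const char *name; size_t blocksize; };
static const struct cipher_desc ciphers[] = {
    { "3des-cbc", 8 },
    { "aes128-cbc", 16 },
};

const struct cipher_desc *find_cipher(const char *name)
{
    size_t i;
    if (name == NULL) return NULL;
    for (i = 0; i < sizeof ciphers / sizeof ciphers[0]; i++)
        if (strcmp(ciphers[i].name, name) == 0) return &ciphers[i];
    return NULL;
}

/* Hypothetical session; fails cleanly instead of dereferencing NULL when
 * the client negotiated a name the server does not know. */
struct session { const struct cipher_desc *in_cipher; };

int set_server_cipher(struct session *s, const char *negotiated)
{
    const struct cipher_desc *c = find_cipher(negotiated);
    if (s == NULL || c == NULL) return -1;   /* the check that was missing */
    s->in_cipher = c;
    return 0;
}

int main(void)
{
    size_t rem = 0;
    struct session s = { NULL };
    printf("naive check, len=0xffffffff, passes: %d\n",
           naive_check_passes(4, 16, 0xffffffffu));
    printf("hardened read of 0xffffffff bytes: %d\n",
           try_read_sample((size_t)0xffffffffu));
    printf("packet_length 13 under 3des-cbc accepted: %d\n",
           packet_decrypt_len(13, 8, &rem));
    printf("unknown cipher accepted: %d\n", set_server_cipher(&s, "rot13-cbc"));
    return 0;
}
```

The first function is kept only to make the wrap visible without performing a copy; the three hardened functions are the shape of the checks a server-side packet parser needs before any memcpy, any CBC call, or any dereference of a negotiated-algorithm pointer.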