Re: libssh bugs found via fuzzing
- Subject: Re: libssh bugs found via fuzzing
- From: Jean Sigwald <jean.sigwald@xxxxxxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 04 Sep 2009 14:25:06 +0200
- To: libssh@xxxxxxxxxx
- Cc: Laurent Butti <laurent.butti@xxxxxxxxxxxxxxxxxx>
Thanks for your quick response. We used openssl 0.9.8.7 release.

Best regards,
Jean Sigwald

Laurent Butti wrote:
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: libssh bugs found via fuzzing
> From:
> Andreas Schneider <mail@xxxxxxxxxxxx>
> Date:
> Thu, 3 Sep 2009 23:02:24 +0200
> To:
> libssh@xxxxxxxxxx
>
> To:
> libssh@xxxxxxxxxx
> Cc:
> Laurent Butti <laurent.butti@xxxxxxxxxxxxxxxxxx>
>
>
> On Thursday 03 September 2009 16:45:39 Jean Sigwald wrote:
>> Hi,
>
> Hi Laurent,
>
>> We are security researchers working at Orange Labs. Our area of research
>> is focused on vulnerability research with fuzzing techniques.
>
> thanks for doing the research. This is really appreciated.
>
>> We found 3 issues in libssh 0.3.3 that can be used to crash the
>> samplesshd server remotely:
>> - missing NULL pointer check in crypt_set_algorithms_server
>
> I've added the checks. Maybe we should look at this part soon and improve it.
>
>> - integer overflow in buffer_get_data
>
> I've fixed this too.
>
>> - heap overflow in packet_decrypt, which seems to be caused by calling
>> DES_ede3_cbc_encrypt with a length that is not a multiple of 8
>
> This is strange. I have to look at openssl and talk to Aris about this
> problem. Which version of openssl did you use?
>
>
> Cheers,
>
>
> -- andreas
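Two of the three bug classes in the thread (the length overflow in buffer_get_data and the non-block-multiple length reaching DES_ede3_cbc_encrypt in packet_decrypt) come down to input-length validation. The example below is added here and is not libssh's code; the buffer struct, the function names and the constructed inputs are hypothetical, and it shows the unsafe check beside the hardened one plus the block-alignment check a packet decryptor should apply before calling a CBC cipher.

```c
/* Added example, not libssh code: length checks of the kind the reported
 * fixes need. Buffer layout and names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DES_BLOCK_SIZE 8  /* DES_ede3_cbc_encrypt processes 8-byte blocks */

struct ssh_buffer {
    const uint8_t *data;
    size_t used;   /* bytes present in the buffer */
    size_t pos;    /* current read offset, invariant: pos <= used */
};

/* Unsafe pattern: pos + len wraps around when len is attacker-controlled,
 * so an enormous len passes the bound check (integer overflow). */
static int naive_len_check(size_t pos, size_t used, size_t len) {
    return pos + len <= used;
}

/* Hardened: compare against the remaining bytes, which cannot overflow
 * as long as the pos <= used invariant holds. */
static int safe_len_check(size_t pos, size_t used, size_t len) {
    return pos <= used && len <= used - pos;
}

/* Read len bytes out of the buffer, refusing any read that would run past
 * the data that is actually there. Returns 0 on success, -1 on rejection. */
static int buffer_get_data_safe(struct ssh_buffer *b, uint8_t *out, size_t len) {
    if (!safe_len_check(b->pos, b->used, len))
        return -1;
    memcpy(out, b->data + b->pos, len);
    b->pos += len;
    return 0;
}

/* A CBC block cipher must only be handed whole blocks; a trailing partial
 * block makes the cipher write past the end of the supplied buffer. */
static int packet_len_ok_for_cbc(size_t len, size_t block_size) {
    return len != 0 && len % block_size == 0;
}

int main(void) {
    /* Constructed 16-byte packet with the reader positioned at byte 8. */
    static const uint8_t pkt[16] = {0};
    struct ssh_buffer b = { pkt, sizeof pkt, 8 };
    uint8_t out[8];
    int ok = !naive_len_check(8, 16, SIZE_MAX) ? 0 : 1;  /* naive wrongly accepts */
    ok &= buffer_get_data_safe(&b, out, SIZE_MAX) == -1;
    ok &= packet_len_ok_for_cbc(13, DES_BLOCK_SIZE) == 0;
    return ok ? 0 : 1;
}
```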