SSH vulnerability

Yesterday, news of an ssh vulnerability hit Slashdot.org.

Still can’t find any information on or first-hand accounts of an exploit. Note that this is not a “buffer overflow”. Instead it is a problem with the “general buffer management function”.

The difference?

Generally, buffer overflows allow the person exploiting the vulnerability to put arbitrary code on the stack for execution. In this case, the problem is that, when over-writing sensitive data on the heap, the buffer management code writes 0’s too far out.

The key here is that the buffer being managed is on the heap. It is my understanding that heap-based exploits are much more difficult than stack-based ones.
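To make the distinction concrete, here is an added illustration that is not OpenSSH code and does not reproduce the actual bug: a hypothetical heap region holding a managed buffer with a sensitive field right behind it. The unchecked clear zeros past the end of the buffer (the pattern the post describes), while the checked version clamps the range and refuses the over-long request. All names and sizes are made up for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: the managed buffer, then 4 bytes of other heap data
 * that happen to live right after it. Both sit in one array so the
 * over-write stays observable without undefined behaviour. */
#define BUF_SIZE 64
#define NEIGHBOR_SIZE 4
#define REGION_SIZE (BUF_SIZE + NEIGHBOR_SIZE)

static void init_region(unsigned char *region) {
    memset(region, 0xAA, BUF_SIZE);                  /* buffer contents */
    memset(region + BUF_SIZE, 0xEE, NEIGHBOR_SIZE);  /* neighbouring data */
}

/* 1 if the neighbouring bytes still hold their original value. */
static int neighbor_intact(const unsigned char *region) {
    for (size_t i = 0; i < NEIGHBOR_SIZE; i++)
        if (region[BUF_SIZE + i] != 0xEE) return 0;
    return 1;
}

/* Buggy clear: trusts offset+len and zeros straight through the buffer end. */
static void clear_unchecked(unsigned char *buf, size_t offset, size_t len) {
    memset(buf + offset, 0, len);
}

/* Hardened clear: rejects any range that would leave the buffer. */
static int clear_checked(unsigned char *buf, size_t offset, size_t len) {
    if (offset > BUF_SIZE || len > BUF_SIZE - offset)
        return -1;
    memset(buf + offset, 0, len);
    return 0;
}

/* Ask to clear 8 bytes starting 4 bytes before the end (overshoots by 4).
 * Returns 1 if the neighbouring data survived. */
static int demo(int hardened) {
    unsigned char region[REGION_SIZE];
    init_region(region);
    if (hardened) clear_checked(region, BUF_SIZE - 4, 8);
    else          clear_unchecked(region, BUF_SIZE - 4, 8);
    return neighbor_intact(region);
}

int main(void) {
    printf("unchecked clear: neighbour %s\n", demo(0) ? "intact" : "zeroed");
    printf("checked clear:   neighbour %s\n", demo(1) ? "intact" : "zeroed");
    return 0;
}
```

The zeroed neighbour is exactly what makes this a corruption rather than code execution: the attacker controls where zeros land, not what bytes land there, which is why the post expects a crash rather than a shell.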

Bottom line: you’re probably looking at a DoS at the most.

Oh, and “UsePrivilegeSeparation yes” will help minimize the damage of this sort of problem in the future.
