
Re: libssh bugs found via fuzzing


On Thursday 03 September 2009 16:45:39 Jean Sigwald wrote:
> Hi,

Hi Laurent,

> 
> We are security researchers working at Orange Labs. Our area of research
> is focused on vulnerability research with fuzzing techniques.

thanks for doing the research. This is really appreciated.

> We found 3 issues in libssh 0.3.3 that can be used to crash the
> samplesshd server remotely:
> - missing NULL pointer check in crypt_set_algorithms_server

I've added the checks. Maybe we should look at this part soon and improve it.

> - integer overflow in buffer_get_data

I've fixed this too.

> - heap overflow in packet_decrypt, which seems to be caused by calling
> DES_ede3_cbc_encrypt with a length that is not a multiple of 8

This is strange. I have to look at openssl and talk to Aris about this 
problem. Which version of openssl did you use?


Cheers,


	-- andreas

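The two length-handling bugs in the report (the integer overflow in buffer_get_data and the non-block-multiple length handed to DES_ede3_cbc_encrypt from packet_decrypt) both come down to a missing check on a length the peer controls. The C below is an added example and is not libssh's own code: the struct layout, the function names and the sample_buffer fixture are assumptions made for the illustration. It places a bounds check that can wrap beside an overflow-safe one, and adds the block-size check that must run before any CBC decrypt call.

```c
/* Added illustrative example (not libssh's code): overflow-safe length checks
 * for the two bug classes named in the thread.  Struct layout and names are
 * assumptions made for this example. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define DES3_BLOCK_SIZE 8u

/* Minimal read buffer: data[0..used) holds bytes, pos is the read cursor.
 * 32-bit fields are used on purpose so the wraparound is visible. */
struct ssh_buffer {
    unsigned char *data;
    uint32_t used;
    uint32_t pos;
};

/* The check as it is often written: `pos + len` wraps to a small value when
 * len is close to UINT32_MAX, so the comparison passes and a following
 * memcpy reads far past the buffer.  Returns 1 if the read would be allowed.
 * Kept only to contrast with the safe form below. */
int length_ok_wrapping(const struct ssh_buffer *b, uint32_t len) {
    return b->pos + len <= b->used;   /* BUG: the addition may wrap */
}

/* Safe form: compare len against the remaining bytes instead of adding. */
int length_ok(const struct ssh_buffer *b, uint32_t len) {
    return b->pos <= b->used && len <= b->used - b->pos;
}

/* Copy len bytes out of the buffer, refusing anything that does not fit.
 * Returns 0 on success, -1 when len is too large (including wrapping values). */
int buffer_get_data(struct ssh_buffer *b, void *out, uint32_t len) {
    if (!length_ok(b, len))
        return -1;
    memcpy(out, b->data + b->pos, len);
    b->pos += len;
    return 0;
}

/* CBC ciphers such as 3DES only process whole blocks.  A ciphertext length
 * that is not a multiple of the block size must be rejected before the cipher
 * is called, otherwise the cipher writes past the end of the output buffer.
 * Returns 0 when len is acceptable for decryption, -1 otherwise. */
int packet_len_ok_for_decrypt(uint32_t len, uint32_t block_size) {
    if (block_size == 0 || len == 0 || len % block_size != 0)
        return -1;
    return 0;
}

/* Constructed fixture: 16 bytes of data with the read cursor at offset 12,
 * so exactly 4 bytes remain.  Reset on every call. */
static unsigned char sample_raw[16] = "0123456789abcdef";
static struct ssh_buffer sample;
unsigned char scratch_out[16];

struct ssh_buffer *sample_buffer(void) {
    sample.data = sample_raw;
    sample.used = sizeof sample_raw;
    sample.pos = 12;
    return &sample;
}

int main(void) {
    /* 12 + 0xFFFFFFF8 wraps to 4 in 32-bit arithmetic, so the naive check
     * accepts a length of roughly 4 GiB while the safe check refuses it. */
    printf("wrapping check accepts oversized len: %d\n",
           length_ok_wrapping(sample_buffer(), 0xFFFFFFF8u));
    printf("safe check accepts oversized len:     %d\n",
           length_ok(sample_buffer(), 0xFFFFFFF8u));
    printf("get 4 bytes (fits):    %d\n",
           buffer_get_data(sample_buffer(), scratch_out, 4));
    printf("get 5 bytes (too big): %d\n",
           buffer_get_data(sample_buffer(), scratch_out, 5));
    printf("decrypt len 16 ok: %d\n",
           packet_len_ok_for_decrypt(16, DES3_BLOCK_SIZE));
    printf("decrypt len 13 ok: %d\n",
           packet_len_ok_for_decrypt(13, DES3_BLOCK_SIZE));
    return 0;
}
```

The safe check never forms `pos + len` at all; subtracting the cursor from the fill level cannot wrap because the first clause guarantees `pos <= used`. The block-size check belongs at the packet layer, before the decrypted length is trusted for anything else.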


References:
libssh bugs found via fuzzing, Jean Sigwald <jean.sigwald@xxxxxxxxxxxxxxxxxx>