Related information

Buffer overflow in OpenSSH

OpenSSH Security Advisory (adv.token)

From:	Marcell Fodor <m.fodor_(at)_mail.datanet.hu>
Date:	20.04.2002
Subject:	OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow

effect:

       local root



vulnerable services:



       -pass Kerberos IV TGT

       -pass AFS Token



bug details:



       radix.c

       GETSTRING macro in radix_to_creds

function may cause buffer overflow.

       affected buffers:

       

           creds->service

           creds->instance

           creds->realm

           creds->pinst



exploit code here: mantra.freeweb.hu