diff options
Diffstat (limited to 'packages/dropbear/dropbear/chansession-security-fix.patch')
| -rw-r--r-- | packages/dropbear/dropbear/chansession-security-fix.patch | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/packages/dropbear/dropbear/chansession-security-fix.patch b/packages/dropbear/dropbear/chansession-security-fix.patch new file mode 100644 index 0000000000..bc4c461fee --- /dev/null +++ b/packages/dropbear/dropbear/chansession-security-fix.patch @@ -0,0 +1,74 @@ +Date: Sun, 11 Dec 2005 23:30:02 +0800 +From: Matt Johnston <matt@ucc.asn.au> +To: dropbear@ucc.gu.uwa.edu.au +Subject: Dropbear 0.47 (and security fix) +Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au> + +Hi all. + +I've put up a new release 0.47 of Dropbear, which has +various fixes and new features - see the change summary +below. +http://matt.ucc.asn.au/dropbear/dropbear.html is the +url as usual or directly at +http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2 + +This release also fixes a potential security issue, which +may allow authenticated users to run arbitrary code as the +server user. I'm unsure exactly how likely it is to be +exploitable, but anyone who's running a multi-user server is +advised to upgrade. For older releases, the patch is: +(against chanesssion.c for 0.43 and earlier). + +--- dropbear/svr-chansession.c ++++ dropbear/svr-chansession.c +@@ -810,7 +810,7 @@ + /* need to increase size */ + if (i == svr_ses.childpidsize) { + svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids, +- sizeof(struct ChildPid) * svr_ses.childpidsize+1); ++ sizeof(struct ChildPid) * (svr_ses.childpidsize+1)); + svr_ses.childpidsize++; + } + + +Matt + + +0.47 - Thurs Dec 8 2005 + +- SECURITY: fix for buffer allocation error in server code, could potentially + allow authenticated users to gain elevated privileges. All multi-user systems + running the server should upgrade (or apply the patch available on the + Dropbear webpage). + +- Fix channel handling code so that redirecting to /dev/null doesn't use + 100% CPU. + +- Turn on zlib compression for dbclient. + +- Set "low delay" TOS bit, can significantly improve interactivity + over some links. + +- Added client keyboard-interactive mode support, allows operation with + newer OpenSSH servers in default config. + +- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions + +- Improve logging of assertions + +- Added aes-256 cipher and sha1-96 hmac. + +- Fix twofish so that it actually works. + +- Improve PAM prompt comparison. + +- Added -g (dbclient) and -a (dropbear server) options to allow + connections to listening forwarded ports from remote machines. + +- Various other minor fixes + +- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD + (netinet/in_systm.h needs to be included). + + |