blob: bc4c461fee9fc519d8b81a2a9323f7584b9f9ba7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
Date: Sun, 11 Dec 2005 23:30:02 +0800
From: Matt Johnston <matt@ucc.asn.au>
To: dropbear@ucc.gu.uwa.edu.au
Subject: Dropbear 0.47 (and security fix)
Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
Hi all.
I've put up a new release 0.47 of Dropbear, which has
various fixes and new features - see the change summary
below.
http://matt.ucc.asn.au/dropbear/dropbear.html is the
url as usual or directly at
http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
This release also fixes a potential security issue, which
may allow authenticated users to run arbitrary code as the
server user. I'm unsure exactly how likely it is to be
exploitable, but anyone who's running a multi-user server is
advised to upgrade. For older releases, the patch is:
(against chanesssion.c for 0.43 and earlier).
--- dropbear/svr-chansession.c
+++ dropbear/svr-chansession.c
@@ -810,7 +810,7 @@
/* need to increase size */
if (i == svr_ses.childpidsize) {
svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
- sizeof(struct ChildPid) * svr_ses.childpidsize+1);
+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
svr_ses.childpidsize++;
}
Matt
0.47 - Thurs Dec 8 2005
- SECURITY: fix for buffer allocation error in server code, could potentially
allow authenticated users to gain elevated privileges. All multi-user systems
running the server should upgrade (or apply the patch available on the
Dropbear webpage).
- Fix channel handling code so that redirecting to /dev/null doesn't use
100% CPU.
- Turn on zlib compression for dbclient.
- Set "low delay" TOS bit, can significantly improve interactivity
over some links.
- Added client keyboard-interactive mode support, allows operation with
newer OpenSSH servers in default config.
- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
- Improve logging of assertions
- Added aes-256 cipher and sha1-96 hmac.
- Fix twofish so that it actually works.
- Improve PAM prompt comparison.
- Added -g (dbclient) and -a (dropbear server) options to allow
connections to listening forwarded ports from remote machines.
- Various other minor fixes
- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
(netinet/in_systm.h needs to be included).
|
