OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow

2002-04-20T00:00:00
ID SECURITYVULNS:DOC:2814
Type securityvulns
Reporter Securityvulns
Modified 2002-04-20T00:00:00

Description

effect:

    local root

vulnerable services:

    -pass Kerberos IV TGT

    -pass AFS Token

bug details:

    radix.c

    GETSTRING macro in radix_to_creds function may cause buffer overflow.

    affected buffers:

        creds->service
        creds->instance
        creds->realm
        creds->pinst
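
A bounded way to read the four string fields listed above, as an added example: this is not code from OpenSSH's radix.c or from the advisory, and the struct `demo_creds`, the 40-byte `FIELD_SZ`, the NUL-separated input layout and the sample inputs are assumptions made for illustration. It rejects any input whose terminator does not arrive before the destination field or the input runs out.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SZ 40   /* assumed field size for this example */

struct demo_creds {   /* hypothetical stand-in for the fields listed above */
    char service[FIELD_SZ], instance[FIELD_SZ], realm[FIELD_SZ], pinst[FIELD_SZ];
};

/* Copy one NUL-terminated string from in[*off..len) into dst[0..dstlen).
 * Fails (-1) if no terminator is seen before input or destination ends. */
static int get_string(const unsigned char *in, size_t len, size_t *off,
                      char *dst, size_t dstlen)
{
    for (size_t i = 0; i < dstlen && *off < len; i++) {
        dst[i] = (char)in[(*off)++];
        if (dst[i] == '\0')
            return 0;
    }
    return -1;
}

/* Parse the four fields in order; on any failure wipe the struct so no
 * partially filled credentials are left for the caller to use. */
int parse_creds(const unsigned char *in, size_t len, struct demo_creds *c)
{
    size_t off = 0;
    memset(c, 0, sizeof(*c));
    if (get_string(in, len, &off, c->service, sizeof c->service) ||
        get_string(in, len, &off, c->instance, sizeof c->instance) ||
        get_string(in, len, &off, c->realm, sizeof c->realm) ||
        get_string(in, len, &off, c->pinst, sizeof c->pinst)) {
        memset(c, 0, sizeof(*c));
        return -1;
    }
    return 0;
}

int main(void)
{
    struct demo_creds c;
    /* Constructed inputs: one well-formed, one with a 64-byte first field. */
    const unsigned char good[] = "krbtgt\0EXAMPLE\0EXAMPLE\0user";
    unsigned char big[64 + 4];
    memset(big, 'A', 64);
    memset(big + 64, 0, 4);
    printf("good: %d\n", parse_creds(good, sizeof good, &c));
    printf("oversized: %d\n", parse_creds(big, sizeof big, &c));
    return 0;
}
```
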

exploit code here: mantra.freeweb.hu