Pantek Library

SSH Buffer Overflow on Solaris 8

From: David C. Kleinman <dkleinm(at)emory.edu>
Date: Mon Nov 11 2002 - 14:35:44 EST


Using the openssh distribution from sunfreeware.com, I get the following error on one system when I try to connect to the ssh server:

Nov 11 10:22:22 sshd[2730]: fatal: buffer_get: trying to get more bytes 129 than in buffer 34

The ssh client is functioning properly and I've used that same distribution on 49 other Solaris servers w/o issue.

Here are the packages that I installed:
openssl-0.9.6g-sol8-sparc-local
openssh-3.4p1-sol8-sparc-local
zlib-1.1.4-sol8-sparc-local
libgcc-3.2-sol8-sparc-local

I have also installed patch 112438-01 to create the /dev/random device. I installed ssh using the sunfreeware directions, http://sunfreeware.com/openssh8.html
My Solaris version is:
SunOS 5.8 Generic_108528-15 sun4u sparc SUNW,Ultra-80

Here is the truss output when I attempt to connect:

$ truss -p 408

poll(0xFFBEF398, 2, -1)         (sleeping...)
poll(0xFFBEF398, 2, -1)                         = 1
 accept(5, 0xFFBEFC68, 0xFFBEF450, 1)            = 6
 fstat64(6, 0xFFBEF2E0)                          = 0
getsockopt(6, 65535, 8192, 0xFFBEF3E0, 0xFFBEF3DC, 0) = 0
setsockopt(6, 65535, 8192, 0xFFBEF3E0, 4, 0)    = 0
fcntl(6, F_SETFL, 0x00000000)                   = 0
pipe()                                          = 7 [8]
fork()                                          = 455
close(8)                                        = 0
sigaction(SIGALRM, 0xFFBEF328, 0xFFBEF3A8)      = 0
alarm(3600)                                     = 0
getpid()                                        = 408 [1]
getpid()                                        = 408 [1]
close(6)                                        = 0
poll(0xFFBEF388, 3, -1)         (sleeping...)
    Received signal #18, SIGCLD, in poll() [caught]
      siginfo: SIGCLD CLD_EXITED pid=455 status=0x00FF
poll(0xFFBEF388, 3, -1)                         Err#4 EINTR
waitid(P_ALL, 0, 0xFFBEEEB8, WEXITED|WTRAPPED|WNOHANG) = 0
waitid(P_ALL, 0, 0xFFBEEEB8, WEXITED|WTRAPPED|WNOHANG) Err#10 ECHILD
sigaction(SIGCLD, 0xFFBEEE78, 0xFFBEEEF8)       = 0
setcontext(0xFFBEF070)
poll(0xFFBEF388, 3, -1)                         = 1
close(7)                                        = 0
poll(0xFFBEF388, 2, -1)         (sleeping...)
Received on Mon Nov 11 17:56:26 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:51 EDT

