Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2002-0083 PoC — OpenSSH 'Channel'代码实现off-by-one漏洞

Source
https://github.com/stuxbench/dropbear-cve-2002-0083
Associated Vulnerability
Title:OpenSSH 'Channel'代码实现off-by-one漏洞 (CVE-2002-0083)
Description:OpenSSH是一个对SSH协议开放源码的,免费的实现。它对所有网络通讯进行加密传输,从而避开了许多网络层的攻击,是个很有用的网络连接工具。 OpenSSH实现上存在缓冲区溢出漏洞,一个有合法登录帐号的用户可以利用此漏洞得到主机的root权限。 为了实现X11、TCP和代理转发,OpenSSH在一个TCP连接上复用多个"channel"。OpenSSH在管理"channel"的代码实现上存在一个off-by-one(偏移一个单位)漏洞,程序可能会错误地使用正常范围之外的内存数据,一个有合法登录帐号的攻击者
File Snapshot

 None
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.