O'Reilly Network: Security Alerts: Linux Kernel Problems; SSH Design Flaw
Feb 14, 2001, 21:28
(Other stories by Noel Davis)
"In this column, we look at a system call problem and a race condition in the Linux kernel; buffer-overflow problems in SSH-1 and XMail; denial-of-service vulnerabilities in BIND 9.0.1 and ProFTPD; string format problems in man; design flaws in wireless networking security code; and temporary file problems in FreeBSD's sort."
"Two problems have been reported in the Linux kernel: a problem with the syctl() system call and a race condition. The sysctl() system call can be used to read large areas of kernel memory by passing it a negative offset. The race condition can be used to modify a running setuid process using ptrace. Both problems have been fixed in the 2.2.19pre9 kernel."
"Problems reported this week for SSH (secure shell) include: a buffer-overflow in version 1 of sshd, a buffer-overflow in the Kerberos ticket handling code in the SSH AFS/Kerberos v4 patches for SSH 1.2.2x, and a design flaw in the SSH 1.5 protocol."
"The BIND 9.1.0 name server can be crashed under certain conditions by a network scan. The crash is caused by a kernel bug in the accept() system call. It is unclear which kernels are affected."