From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Prentis Brooks" <prentis@aol.net>
To: <rbh00@netcom.com>
Cc: "Cygwin" <cygwin@sourceware.cygnus.com>
Subject: RE: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
Date: Tue, 30 May 2000 12:11:00 -0000
Message-id: <NEBBLEPLMLJEEFHAGMDMAECNCAAA.prentis@aol.net>
References: <s048jsc0d8a3j88k2r57mkkbs21qbac6jo@4ax.com>
X-SW-Source: 2000-05/msg01085.html

Yes, that is the error I am trying to resolve... but after digging through
the OpenSSL source.... is RSAREF compiled in, or is it using SSLeay?  Or
does it matter?  *grin*

-----Original Message-----
From: Richard Hitt [ mailto:rbh00@netcom.com ]
Sent: Tuesday, May 30, 2000 3:02 PM
To: Prentis Brooks
Subject: Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has
a nasty bite]


Hi All

I came across what might be a related URL:
http://www.ssh.com/products/ssh/patches/patch-ssh-1.2.27-rsaref.buffer.overf
low

hth

Richard

On Tue, 30 May 2000 14:19:27 -0400, you wrote:

>Corinna,
>	your patches work great, one last quick question, then I am done, I hope
>:).  There is apparently an RSAREF patch out there with a buffer overflow
>problem, I am still trying to track down the patch number.  If you happen
to
>know of it, did you apply that patch to the OpenSSL code?  If you don't
know
>of the one I am talking about, then I guess there is not much we can do
>until I find that patch number ;)
>
>Thanks
>
>-----Original Message-----
>From: cygwin-owner@sourceware.cygnus.com
>[ mailto:cygwin-owner@sourceware.cygnus.com]On Behalf Of Corinna Vinschen
>Sent: Sunday, May 28, 2000 5:25 AM
>To: Prentis Brooks
>Cc: cygwin
>Subject: Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has
>a nasty bite]
>
>
>Prentis Brooks wrote:
>> different from what I was looking to do.  Would you mind telling me how
>you
>> solved the problem of unauthorized access to a another account?
>> (specifically, being able to login to RSA enabled SSHD eventhough your
RSA
>> key is not part of that SSHD's user's authorized_key file.)
>
>Password authentication leads to a valid hToken, any
>other authentication leads to hToken == INVALID_HANDLE_VALUE.
>So after authentication I check for non-password authentication
>and equality of getuid() to uid of authenticated user.
>
>==== SNIP ====
>@@ -1498,6 +1529,13 @@ do_authloop(struct passwd * pw)
>                        break;
>                }
>
>+#ifdef __CYGWIN__
>+                if (is_winnt && hToken == INVALID_HANDLE_VALUE &&
>+                    authenticated && getuid() != pw->pw_uid) {
>+                        packet_disconnect("Authentication rejected for
>uid %d.", (int) pw->pw_uid);
>+                        authenticated = 0;
>+                }
>+#endif
>                /* Raise logging level */
>                if (authenticated ||
>                    attempt == AUTH_FAIL_LOG ||
>==== SNAP ====
>
>Corinna
>
>--
>Corinna Vinschen
>Cygwin Developer
>Cygnus Solutions, a Red Hat company
>
>--
>Want to unsubscribe from this list?
>Send a message to cygwin-unsubscribe@sourceware.cygnus.com


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com