Date:         Sat, 4 Dec 1999 17:45:20 -0500
From: Niels Provos <provos@CITI.UMICH.EDU>
Subject:      Re: Security Advisory: Buffer overflow in RSAREF2
To: BUGTRAQ@SECURITYFOCUS.COM

In message <3846CC26.513CE96F@core-sdi.com>, Gerardo Richarte writes:
>	To make this clear: in combination with the buffer overflow in rsaglue.
>c this makes possible to get
>a remote shell on a machine running sshd AND it also makes possible to use a r
>everse exploit to gain access on
>clients' machines, using malicious sshd.

I fear that this posting should have been even clearer.
To sum the problem up more clearly:

ssh-1.2.27 (if compiled with RSAREF2) is vulnerable.  Attackers can
obtain a shell on the machine running sshd.  The exploit uses buffer
overflows in the RSAREF2 implementation AND in the rsaglue.c file in
ssh-1.2.27.  I am surprised that there wasnt a bigger outrage on the
mailing list about this, it is quite serious!!!

On the other hand, OpenSSH is not vulnerable to this remote exploit.
Since rsaglue.c was rewritten, OpenSSH does stricter parameter
checking than ssh-1.2.27 and these recent problems in ssh-1.2.27 did
NOT affect OpenSSH.

Nonetheless, OpenSSH users in the USA that use OpenSSL compiled with
RSAREF2 should update their ssl library (since isakmpd or httpd may be
affected), see previous postings on Bugtraq, and
http://www.openbsd.org/errata.html#sslUSA

Another thing is worth mentioning, RSA could use the buffer overflow
in RSAREF2 to scan machines in the USA for RSA license violation.  For
example, sshds that do not use RSAREF2 do will behave differently than
those that do.

Information on OpenSSH can be found at http://www.openssh.com/
Infomration on OpenSSL can be found at http://www.openssl.org/