OpenSSH 6.6.x sends invalid SSH_MSG_USERAUTH_INFO_REQUEST

I've had a report from a user that "SSH-2.0-OpenSSH_6.6.1_hpn13v11
FreeBSD-20140420" is sending an invalid SSH_MSG_USERAUTH_INFO_REQUEST.
Checking against the server in question, it first sends a valid request
(empty name, empty instruction, empty language, single prompt for a 
password):

  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01  ................
  00 00 00 28 50 61 73 73 77 6f 72 64 20 66 6f 72  ...(Password for
  [...]

to which I reply with an SSH_MSG_USERAUTH_INFO_RESPONSE.  The server then sends
a second SSH_MSG_USERAUTH_INFO_REQUEST consisting of 16 bytes of zeros:

  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

for which, even if you ignore the fact that it fails a data-validity check,
I'm not sure how you're supposed to respond, since it's asked for zero
responses to its authentication request.

Peter.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
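
The two payloads quoted in the message above can be decoded field by field with the RFC 4256 layout (name, instruction, language tag, num-prompts, then a prompt string and echo flag per prompt). The following is an added example, not part of the original post and not OpenSSH code: `Reader`, `parse_info_request` and `build_info_response` are hypothetical names, and the first request uses a constructed prompt because the dump in the post is truncated.

```python
import struct

SSH_MSG_USERAUTH_INFO_RESPONSE = 61  # message number from RFC 4256

class Reader:
    """Cursor over an SSH payload; every read is bounds-checked."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if n > len(self.data) - self.pos:
            raise ValueError(f"truncated: need {n} bytes at offset {self.pos}")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint32(self):
        return struct.unpack(">I", self.take(4))[0]

    def string(self):
        return self.take(self.uint32())

def parse_info_request(body):
    """Decode the fields that follow the message-type byte."""
    r = Reader(body)
    name, instruction, language = r.string(), r.string(), r.string()
    prompts = []
    for _ in range(r.uint32()):      # num-prompts; a lying count fails in take()
        text = r.string()
        echo = r.take(1) != b"\x00"
        prompts.append((text.decode("utf-8"), echo))
    if r.pos != len(body):
        raise ValueError("trailing bytes after last prompt")
    return {"name": name, "instruction": instruction,
            "language": language, "prompts": prompts}

def build_info_response(responses):
    """INFO_RESPONSE carrying exactly one response per prompt received."""
    out = bytes([SSH_MSG_USERAUTH_INFO_RESPONSE]) + struct.pack(">I", len(responses))
    for resp in responses:
        out += struct.pack(">I", len(resp)) + resp
    return out

PROMPT = b"Password: "   # constructed; the prompt in the post is elided
FIRST = bytes(12) + struct.pack(">II", 1, len(PROMPT)) + PROMPT + b"\x00"
SECOND = bytes(16)       # the second request exactly as quoted: 16 zero bytes

if __name__ == "__main__":
    for label, body in (("first", FIRST), ("second", SECOND)):
        req = parse_info_request(body)
        print(label, req["prompts"], build_info_response([b"x"] * len(req["prompts"])).hex())
```

Read this way, the 16 zero bytes are three empty strings followed by num-prompts = 0, and a response built to match carries num-responses = 0.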



