Quick notes on ssh 1.2.27 rsaref bug posted to BugTraq.

"Doing an overflow we must provide a buffer of 136 bytes length (the input_data buffer is 128 bytes + 4 bytes for the EBP and 4 bytes for the EIP). Everything works fine until we reach the RSAPrivateDecrypt function in rsaref. This function checks the variable input_len, which is the length of the buffer (in our case it is minimum 136) against the variable modulus_len, which is 128. When this check fails (and it does), RSAPrivateDecrypt returns error, causing sshd to fall into a fatal error."