Vulnerabilities > CVE-2003-0693 - Unspecified vulnerability in Openbsd Openssh
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-090.NASL description A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team last seen 2020-06-01 modified 2020-06-02 plugin id 14072 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14072 title Mandrake Linux Security Advisory : openssh (MDKSA-2003:090-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:090. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14072); script_version ("1.23"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2003-0693", "CVE-2003-0695"); script_xref(name:"CERT-CC", value:"CA-2003-24"); script_xref(name:"CERT", value:"333628"); script_xref(name:"MDKSA", value:"2003:090-1"); script_name(english:"Mandrake Linux Security Advisory : openssh (MDKSA-2003:090-1)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: 'It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively.' There have also been reports of an exploit in the wild. MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible. Update : The OpenSSH developers discovered more, similar, problems and revised the patch to correct these issues. These new packages have the latest patch fix applied." ); script_set_attribute( attribute:"see_also", value:"http://www.openssh.com/txt/buffer.adv" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssh-askpass"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssh-askpass-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssh-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssh-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2003/09/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openssh-3.6.1p2-1.2.82mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openssh-askpass-3.6.1p2-1.2.82mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openssh-askpass-gnome-3.6.1p2-1.2.82mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openssh-clients-3.6.1p2-1.2.82mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openssh-server-3.6.1p2-1.2.82mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openssh-3.6.1p2-1.2.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openssh-askpass-3.6.1p2-1.2.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openssh-askpass-gnome-3.6.1p2-1.2.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openssh-clients-3.6.1p2-1.2.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"openssh-server-3.6.1p2-1.2.90mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"openssh-3.6.1p2-1.2.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"openssh-askpass-3.6.1p2-1.2.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"openssh-askpass-gnome-3.6.1p2-1.2.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"openssh-clients-3.6.1p2-1.2.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"openssh-server-3.6.1p2-1.2.91mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-280.NASL description Updated OpenSSH packages are now available that fix bugs that may be remotely exploitable. [Updated 17 Sep 2003] Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0695 to these additional issues. We have also included fixes from Solar Designer for some additional memory bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0682 to these issues. OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login sessions and port forwarding, among other functions. The OpenSSH team has announced a bug which affects the OpenSSH buffer handling code. This bug has the potential of being remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0693 to this issue. All users of OpenSSH should immediately apply this update which contains a backported fix for this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12421 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12421 title RHEL 2.1 : openssh (RHSA-2003:280) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:280. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12421); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2003-0682", "CVE-2003-0693", "CVE-2003-0695"); script_xref(name:"RHSA", value:"2003:280"); script_name(english:"RHEL 2.1 : openssh (RHSA-2003:280)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated OpenSSH packages are now available that fix bugs that may be remotely exploitable. [Updated 17 Sep 2003] Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0695 to these additional issues. We have also included fixes from Solar Designer for some additional memory bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0682 to these issues. OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login sessions and port forwarding, among other functions. The OpenSSH team has announced a bug which affects the OpenSSH buffer handling code. This bug has the potential of being remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0693 to this issue. All users of OpenSSH should immediately apply this update which contains a backported fix for this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0682" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0693" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0695" ); script_set_attribute( attribute:"see_also", value:"http://www.openssh.com/txt/buffer.adv" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:280" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssh-askpass"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssh-askpass-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssh-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssh-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/22"); script_set_attribute(attribute:"patch_publication_date", value:"2003/09/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:280"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssh-3.1p1-14")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssh-askpass-3.1p1-14")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssh-askpass-gnome-3.1p1-14")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssh-clients-3.1p1-14")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssh-server-3.1p1-14")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc"); } }NASL family SuSE Local Security Checks NASL id SUSE_SA_2003_038.NASL description The remote host is missing the patch for the advisory SUSE-SA:2003:038 (openssh). The openssh package is the most widely used implementation of the secure shell protocol family (ssh). It provides a set of network connectivity tools for remote (shell) login, designed to substitute the traditional BSD-style r-protocols (rsh, rlogin). openssh has various authentification mechanisms and many other features such as TCP connection and X11 display forwarding over the fully encrypted network connection as well as file transfer facilities. A programming error has been found in code responsible for buffer management. If exploited by a (remote) attacker, the error may lead to unauthorized access to the system, allowing the execution of arbitrary commands. The error is known as the buffer_append_space()-bug and is assigned the Common Vulnerabilities and Exposures (CVE) name CVE-2003-0693. At the time of writing this announcement, it is unclear if the buffer_append_space()-bug is exploitable. However, an increasing amount of TCP connection attempts to port 22 (the ssh default port) has been observed in the internet during the past days, which may indicate that there exists an exploit for the error. Please note that we have disabled the Privilege Separation feature in the ssh daemon (sshd) with this update. The PrivSep feature is designed to have parts of the ssh daemon last seen 2020-06-01 modified 2020-06-02 plugin id 13806 published 2004-07-25 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13806 title SUSE-SA:2003:038: openssh code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2003:038 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(13806); script_version ("1.13"); script_cvs_date("Date: 2019/10/25 13:36:27"); name["english"] = "SUSE-SA:2003:038: openssh"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2003:038 (openssh). The openssh package is the most widely used implementation of the secure shell protocol family (ssh). It provides a set of network connectivity tools for remote (shell) login, designed to substitute the traditional BSD-style r-protocols (rsh, rlogin). openssh has various authentification mechanisms and many other features such as TCP connection and X11 display forwarding over the fully encrypted network connection as well as file transfer facilities. A programming error has been found in code responsible for buffer management. If exploited by a (remote) attacker, the error may lead to unauthorized access to the system, allowing the execution of arbitrary commands. The error is known as the buffer_append_space()-bug and is assigned the Common Vulnerabilities and Exposures (CVE) name CVE-2003-0693. At the time of writing this announcement, it is unclear if the buffer_append_space()-bug is exploitable. However, an increasing amount of TCP connection attempts to port 22 (the ssh default port) has been observed in the internet during the past days, which may indicate that there exists an exploit for the error. Please note that we have disabled the Privilege Separation feature in the ssh daemon (sshd) with this update. The PrivSep feature is designed to have parts of the ssh daemon's work running under lowered privileges, thereby limiting the effect of a possible vulnerability in the code. The PrivSep feature is turned on/off by the UsePrivilegeSeparation keyword in sshd's configuration file /etc/ssh/sshd_config. The feature is held responsible for malfunctions in PAM (Pluggable Authentification Modules). The update mechanism will not overwrite configuration files that have been altered after the package installation." ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/2003_038_openssh.html" ); script_set_attribute(attribute:"risk_factor", value:"High" ); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25"); script_end_attributes(); summary["english"] = "Check for the version of the openssh package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"openssh-2.9.9p2-155", release:"SUSE7.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"openssh-2.9.9p2-155", release:"SUSE7.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"openssh-3.4p1-214", release:"SUSE8.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"openssh-3.4p1-214", release:"SUSE8.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"openssh-3.5p1-106", release:"SUSE8.2") ) { security_hole(0); exit(0); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-382.NASL description A bug has been found in OpenSSH last seen 2020-06-01 modified 2020-06-02 plugin id 15219 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15219 title Debian DSA-382-3 : ssh - possible remote vulnerability NASL family Misc. NASL id SUNSSH_PLAINTEXT_RECOVERY.NASL description The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. An attacker could exploit this to gain access to sensitive information. Note that this version of SunSSH is also prone to several additional issues but Nessus did not test for them. last seen 2020-06-01 modified 2020-06-02 plugin id 55992 published 2011-08-29 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55992 title SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure NASL family Red Hat Local Security Checks NASL id REDHAT_FIXES.NASL description This plugin writes in the knowledge base the CVE ids that we know Red Hat enterprise Linux is not vulnerable to. last seen 2020-06-01 modified 2020-06-02 plugin id 12512 published 2004-07-06 reporter This script is Copyright (C) 2004-2011 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/12512 title Red Hat Enterprise Linux fixes NASL family Debian Local Security Checks NASL id DEBIAN_DSA-383.NASL description Several bugs have been found in OpenSSH last seen 2020-06-01 modified 2020-06-02 plugin id 15220 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15220 title Debian DSA-383-2 : ssh-krb5 - possible remote vulnerability NASL family Gain a shell remotely NASL id OPENSSH_36.NASL description According to its banner, the remote SSH server is running a version of OpenSSH older than 3.7.1. Such versions are vulnerable to a flaw in the buffer management functions that might allow an attacker to execute arbitrary commands on this host. An exploit for this issue is rumored to exist. Note that several distributions patched this hole without changing the version number of OpenSSH. Since Nessus solely relied on the banner of the remote SSH server to perform this check, this might be a false positive. If you are running a RedHat host, make sure that the command : rpm -q openssh-server returns : openssh-server-3.1p1-13 (RedHat 7.x) openssh-server-3.4p1-7 (RedHat 8.0) openssh-server-3.5p1-11 (RedHat 9) last seen 2020-06-01 modified 2020-06-02 plugin id 11837 published 2003-09-16 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11837 title OpenSSH < 3.7.1 Multiple Vulnerabilities
Oval
accepted 2005-02-23T09:25:00.000-04:00 class vulnerability contributors name Brian Soby organization The MITRE Corporation description A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. family unix id oval:org.mitre.oval:def:2719 status accepted submitted 2004-12-30T12:00:00.000-04:00 title Buffer Management Error in OpenSSH version 34 accepted 2010-09-20T04:00:27.010-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Jay Beale organization Bastille Linux name Thomas R. Jones organization Maitreya Security name Jonathan Baker organization The MITRE Corporation
description A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. family unix id oval:org.mitre.oval:def:447 status accepted submitted 2003-09-21T12:00:00.000-04:00 title Mutliple Buffer Management Errors in OpenSSH II version 41
Redhat
| advisories |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-06-01 |
| organization | Red Hat |
| statement | Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux. |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html
- http://marc.info/?l=bugtraq&m=106373247528528&w=2
- http://marc.info/?l=bugtraq&m=106373546332230&w=2
- http://marc.info/?l=bugtraq&m=106374466212309&w=2
- http://marc.info/?l=bugtraq&m=106381396120332&w=2
- http://marc.info/?l=bugtraq&m=106381409220492&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1
- http://www.cert.org/advisories/CA-2003-24.html
- http://www.debian.org/security/2003/dsa-382
- http://www.debian.org/security/2003/dsa-383
- http://www.kb.cert.org/vuls/id/333628
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:090
- http://www.openssh.com/txt/buffer.adv
- http://www.redhat.com/support/errata/RHSA-2003-280.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13191
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447