VID 14033
Severity 40
Port 22
Protocol TCP
Class SSH
Detailed Description The remote OpenSSH server, according to its version number, has two buffer overflow flaws in its buffer management code.
OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login sessions and port forwarding, among other functions. These vulnerabilities affect versions prior to 3.7.1. The errors occur when a buffer is allocated for a large packet. When the buffer is cleared, an improperly sized chunk of memory is filled with zeros. This leads to heap corruption, which could cause a denial-of-service condition. These vulnerabilities may also allow a remote attacker to execute arbitrary code on the system.

* Note: This check relies solely on the banner of the remote OpenSSH server to assess this vulnerability, so the result may be a false positive.
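
The banner comparison this note refers to can be sketched as follows (an added example, not the scanner's own check; the result labels, the vendor-build heuristic and the sample banners are assumptions constructed for illustration). It shows why a banner-only finding needs confirmation: a vendor build carrying the patch can still report a version below 3.7.1.

```python
import re

FIXED = (3, 7, 1)  # first release the page lists as resolved

# SSH identification string: SSH-<protoversion>-<softwareversion>[ <comments>]
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-(?P<software>\S+)(?: (?P<comments>.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH[_-](?P<ver>\d+(?:\.\d+){1,2})(?P<suffix>.*)$")


def parse_openssh_banner(banner):
    """Return ((major, minor, patch), suffix, comments), or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    s = OPENSSH_RE.match(m.group("software"))
    if not s:
        return None
    parts = [int(p) for p in s.group("ver").split(".")]
    parts += [0] * (3 - len(parts))  # "3.7" compares as 3.7.0
    return tuple(parts), s.group("suffix"), m.group("comments") or ""


def assess(banner):
    """Classify a banner; labels are hypothetical, chosen for this example."""
    parsed = parse_openssh_banner(banner)
    if parsed is None:
        return "not-openssh"
    version, suffix, comments = parsed
    if version >= FIXED:
        return "banner-fixed"
    # Heuristic (assumption): anything beyond the portable "pN" suffix, or a
    # comments field, suggests a vendor build whose patch level the banner
    # does not reveal. Confirm against the vendor's package advisory.
    vendor_build = bool(comments) or bool(re.sub(r"^p\d+", "", suffix))
    return "banner-affected-vendor-build" if vendor_build else "banner-affected"


# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "SSH-2.0-OpenSSH_3.6.1p2\r\n",
    "SSH-2.0-OpenSSH_3.4p1 Debian-build-example\r\n",
    "SSH-1.99-OpenSSH_3.7\r\n",
    "SSH-2.0-OpenSSH_3.7.1p2\r\n",
    "SSH-2.0-ExampleSSHD_1.0\r\n",
]

if __name__ == "__main__":
    for b in SAMPLES:
        print(f"{b.strip():45} {assess(b)}")
```

Either "banner-affected" result is only a lead: confirm the installed package's patch level on the host before treating it as vulnerable.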

* References:
http://www.cert.org/advisories/CA-2003-24.html
http://www.kb.cert.org/vuls/id/333628
http://www.securiteam.com/unixfocus/5XP0C20B5O.html
http://xforce.iss.net/xforce/alerts/id/144
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2

* Platforms Affected:
Systems running versions of OpenSSH prior to 3.7.1
Systems that use or derive code from vulnerable versions of OpenSSH
Recommendation Apply a patch from your vendor.

The patches for these issues are included in the OpenSSH advisory at http://www.openssh.com/txt/buffer.adv

This patch may be manually applied to correct this vulnerability in affected versions of OpenSSH. If your vendor has provided a patch or upgrade, you may want to apply it rather than using the patch from OpenSSH. Find information about vendor patches in CA-2003-24 at http://www.cert.org/advisories/CA-2003-24.html#vendors

-- OR --

Upgrade to the latest version of OpenSSH (3.7.1 or later). This vulnerability is resolved in OpenSSH version 3.7.1, which is available from the OpenSSH web site at http://www.openssh.com/
Related URL CVE-2003-0693,CVE-2003-0695 (CVE)
Related URL 8628 (SecurityFocus)
Related URL 13191,13215 (ISS)