VID 14034
Severity 40
Port 22
Protocol TCP
Class Ssh
Detailed Description The LSH daemon, according to its banner, is vulnerable to a heap-based buffer overflow.
LSH is a freely available implementation of the SSH version 2 protocol for Unix and Linux-based operating systems. Versions of the LSH daemon older than 1.5.3 are vulnerable to a heap-based buffer overflow caused by improper bounds checking. A remote attacker who successfully exploits this vulnerability can execute arbitrary code on the system with root privileges.

* Note: This check relies solely on the banner of the remote LSH server to assess this vulnerability, so the result may be a false positive.

* References:
http://archives.neohapsis.com/archives/bugtraq/2003-09/0310.html
http://archives.neohapsis.com/archives/bugtraq/2003-09/0326.html

* Platforms Affected:
LSH 1.5, 1.5.1, 1.5.2
LSH prior to 1.4.3
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of LSH (1.4.3 or later) for LSH prior to 1.4.3, or to the latest version of LSH (1.5.3 or later) for LSH prior to 1.5.3, available from the LSH Web page at http://www.lysator.liu.se/~nisse/lsh
Related URL CVE-2003-0826 (CVE)
Related URL 8655 (SecurityFocus)
Related URL 13245 (ISS)