| VID | 14035 |
| Severity | 30 |
| Port | 22 |
| Protocol | TCP |
| Class | Ssh |
| Detailed Description |
According to its banner, the remote OpenSSH server is a version that contains a vulnerability allowing an attacker to corrupt the PAM conversion stack. OpenSSH versions 3.7p1 and 3.7.1p1 are affected; the cause is a flaw in the handling of PAM authentication. By exploiting this vulnerability, a remote attacker can gain elevated privileges or cause a denial of service.
* Note: This check relies solely on the banner of the remote OpenSSH server to assess this vulnerability, so the result might be a false positive.
* References: http://www.linuxsecurity.com/advisories/gentoo_advisory-3676.html http://www.kb.cert.org/vuls/id/209807 http://archives.neohapsis.com/archives/bugtraq/2003-09/0358.html
* Platforms Affected: OpenSSH 3.7.1p1; OpenSSH 3.7p1; Gentoo Linux (any version); Linux (any version); Unix (any version) |
| Recommendation |
Upgrade to the latest version of OpenSSH (3.7.1p2 or later), available from the OpenSSH Web site at http://www.openssh.org.
For Gentoo Linux: Upgrade to the latest version of openssh (3.7.1_p2 or later), as listed in Gentoo Linux Security Announcement 200309-14 at http://www.linuxsecurity.com/advisories/gentoo_advisory-3676.html |
| Related URL | CVE-2003-0787 (CVE) |
| Related URL | 8677 (SecurityFocus) |
| Related URL | 13271 (ISS) |