OpenSSH Multiple Buffer Management Multiple Overflows

2003-09-16T11:26:58
ID OSVDB:2557
Type osvdb
Reporter OSVDB
Modified 2003-09-16T11:26:58

Description

Vulnerability Description

OpenSSH contains several flaws that may allow remote attackers to execute arbitrary code. The issues occur in the buffer_init and buffer_free functions in buffer.c, as well as an separate function also called buffer_free in channels.c. These functions may provide an attacker with the opportunity to inject custom data that could result in memory manipulation and possibly code execution.

Solution Description

Upgrade to version 3.7.1 or higher, as it has been reported to fix this vulnerability. Vendor specific patches have also been supplied for earlier versions. Other potential workarounds are to restrict SSH access to trusted hosts or disable the service completely.

Short Description

OpenSSH contains several flaws that may allow remote attackers to execute arbitrary code. The issues occur in the buffer_init and buffer_free functions in buffer.c, as well as an separate function also called buffer_free in channels.c. These functions may provide an attacker with the opportunity to inject custom data that could result in memory manipulation and possibly code execution.

References:

Vendor Specific Solution URL: http://www.info.apple.com/kbnum/n120245 Vendor Specific Solution URL: http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_i386.deb Vendor Specific Solution URL: http://www.f-secure.com/webclub/ssh/ Vendor Specific Solution URL: ftp://ftp.openpkg.org/release/1.3/UPD/ Vendor Specific Solution URL: http://download.bluecoat.com/release/SGOS/index.html Vendor Specific Solution URL: http://www.info.apple.com/kbnum/n120244 Vendor Specific Solution URL: http://www.info.apple.com/kbnum/n120247 Vendor Specific Solution URL: http://www.cisco.com/tacpage/sw-center/ Vendor Specific Solution URL: http://vmware-svca.www.conxion.com/secured/esx/esx-1.5.2-patch5.tar.gz Vendor Specific Solution URL: http://oss.software.ibm.com/developerworks/projects/opensshi Vendor Specific Solution URL: http://www.mandrakesecure.net/en/ftp.php Vendor Specific Solution URL: http://www.riverstonenet.com/support/support_sw_download.shtml Vendor Specific Solution URL: http://sunsolve.sun.com/cobalt Vendor Specific Solution URL: http://www.trustix.net/pub/Trustix/updates/ Vendor Specific Solution URL: http://download.bluecoat.com/release/SGOS3/index.html Vendor Specific Solution URL: http://www.netscreen.com/cso Vendor Specific Solution URL: http://www.info.apple.com/kbnum/n120246 Vendor Specific Solution URL: http://www.cyclades.com/support/downloads.php Vendor Specific Solution URL: http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html Vendor Specific Solution URL: https://www.ingrian.com/suppport Vendor Specific Solution URL: ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.24 Vendor Specific Solution URL: http://sunsolve.sun.com/patches/linux/security.html Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:9743 Secunia Advisory ID:10156 Secunia Advisory ID:9744 Secunia Advisory ID:9811 Secunia Advisory ID:9747 Secunia Advisory ID:9756 Secunia Advisory ID:9810 RedHat RHSA: RHSA-2003:280 RedHat RHSA: RHSA-2003:279 Other Advisory URL: http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/3967.html Nessus Plugin ID:11837 CVE-2003-0695 CIAC Advisory: N-151 CERT VU: 333628 CERT: CA-2003-24