OpenSSH *realloc() Unspecified Memory Errors

2003-09-16T00:00:00
ID OSVDB:6601
Type osvdb
Reporter Solar Designer()
Modified 2003-09-16T00:00:00

Description

Vulnerability Description

OpenSSH contains memory flaws with unspecified consequences. The issue is triggered when *realloc() is called. No further information has been provided.

Technical Description

These are memory errors which were discovered by Solar Designer in a review of the OpenSSH 3.6.1p2 source code. These errors, involving the usage of *realloc(), are not thought to be exploitable, and so there was no specific patch released to address these errors.

Solution Description

Upgrade to version 3.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

OpenSSH contains memory flaws with unspecified consequences. The issue is triggered when *realloc() is called. No further information has been provided.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1007716 Nessus Plugin ID:11837 ISS X-Force ID: 13214 CVE-2003-0682