Vulnerability Note VU#333628
OpenSSH contains buffer management errors
Overview
Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities is unclear, they may lead to memory corruption and a denial-of-service situation.
I. Description
Versions of OpenSSH prior to 3.7.1 contain errors in the general handling of buffers. These vulnerabilities appear to be caused by buffer management errors. Specifically, the issue lies in freeing the appropriate amount of memory on the heap. In certain cases the memory cleared is too large and might cause heap corruption.
Various network and embedded systems may use OpenSSH or derived code. These systems may also be affected by this issue.
We have seen reports of exploitation that may be related to this issue.
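A simplified model of the size mismatch described above, as an added example that is not OpenSSH's code and not part of the original note. The struct, the function names, the 4096-byte limit and the assumption that the mismatch arises from recording the new size before the growth request is validated are all hypothetical; the model reports how far a zeroing cleanup would overrun instead of performing the overrun.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MODEL_MAX 4096u /* hypothetical growth limit */
struct model_buf {
    unsigned char *data;
    size_t alloc, real; /* recorded size; size actually allocated (model only) */
};

/* Flawed ordering: the recorded size is raised before the request is
 * validated, so a rejected request leaves alloc larger than the block. */
static int grow_flawed(struct model_buf *b, size_t extra) {
    b->alloc += extra;
    if (b->alloc > MODEL_MAX) return -1; /* alloc is already inflated */
    unsigned char *p = realloc(b->data, b->alloc);
    if (p == NULL) return -1;
    b->data = p; b->real = b->alloc;
    return 0;
}

/* Corrected ordering: validate first, commit the new size only on success. */
static int grow_fixed(struct model_buf *b, size_t extra) {
    if (extra > MODEL_MAX || b->alloc > MODEL_MAX - extra) return -1;
    unsigned char *p = realloc(b->data, b->alloc + extra);
    if (p == NULL) return -1;
    b->alloc += extra;
    b->data = p; b->real = b->alloc;
    return 0;
}

/* Cleanup that zeroes before freeing. Returns how far past the real block
 * the recorded size reaches; the memset is clamped so the model stays safe. */
static size_t model_free(struct model_buf *b) {
    size_t excess = b->alloc > b->real ? b->alloc - b->real : 0;
    if (b->data != NULL) memset(b->data, 0, b->alloc - excess);
    free(b->data);
    return excess;
}

/* Reject an oversized request, then clean up; report the over-clear size. */
static size_t overclear(int use_fixed) {
    struct model_buf b = { malloc(64), 64, 64 };
    if (use_fixed) grow_fixed(&b, 8192); else grow_flawed(&b, 8192);
    return model_free(&b);
}

int main(void) {
    printf("flawed=%zu fixed=%zu\n", overclear(0), overclear(1));
}
```

A nonzero result from the flawed ordering is the number of bytes an unclamped cleanup would have zeroed beyond the heap block.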
II. Impact
The full impact of these vulnerabilities is unclear. The most likely impact is that the heap may be corrupted, leading to a denial of service.
If it is possible to exploit this vulnerability in a manner that would allow the execution of arbitrary code, then an attacker may be able to do so with the privileges of the user running the sshd process, usually root. The impact may be limited on systems using the privilege separation feature available in OpenSSH for some systems.
III. Solution
Apply patches
The OpenSSH development team has developed patches and an advisory for this issue. More details will be available at
Users of systems that include OpenSSH software are encouraged to check the vendors section of this document for more information.
Disable or limit access to the ssh service
For those systems that do not require ssh to be enabled, we encourage users to disable the service. If the service cannot be disabled and patches cannot be applied, we recommend using a packet filter to limit access to the vulnerable service to trusted hosts only.
Systems Affected
| Vendor | Status | Date Updated |
| --- | --- | --- |
| 3Com | Unknown | 16-Sep-2003 |
| Alcatel | Unknown | 16-Sep-2003 |
| AppGate Network Security AB | Vulnerable | 1-Oct-2003 |
| Apple Computer, Inc. | Vulnerable | 1-Oct-2003 |
| AT&T | Unknown | 16-Sep-2003 |
| Avaya | Unknown | 16-Sep-2003 |
| Berkeley Software Design, Inc. | Unknown | 16-Sep-2003 |
| Bitvise | Not Vulnerable | 16-Sep-2003 |
| Cisco Systems, Inc. | Vulnerable | 17-Sep-2003 |
| Cray Inc. | Vulnerable | 16-Sep-2003 |
| Cyclades Corporation | Vulnerable | 22-Sep-2003 |
| D-Link Systems | Unknown | 16-Sep-2003 |
| Debian Linux | Vulnerable | 17-Sep-2003 |
| EMC Corporation | Unknown | 16-Sep-2003 |
| Extreme Networks | Unknown | 16-Sep-2003 |
| F-Secure | Vulnerable | 18-Sep-2003 |
| F5 Networks, Inc. | Unknown | 16-Sep-2003 |
| FiSSH | Unknown | 16-Sep-2003 |
| Foundry Networks Inc. | Vulnerable | 15-Oct-2003 |
| FreeBSD, Inc. | Vulnerable | 18-Sep-2003 |
| FreSSH | Unknown | 16-Sep-2003 |
| Fujitsu | Not Vulnerable | 22-Sep-2003 |
| Guardian Digital Inc. | Vulnerable | 18-Sep-2003 |
| Hewlett-Packard Company | Unknown | 18-Sep-2003 |
| Hitachi | Not Vulnerable | 7-Oct-2003 |
| IBM-zSeries | Unknown | 16-Sep-2003 |
| IBM Corporation | Vulnerable | 1-Oct-2003 |
| IBM eServer | Vulnerable | 22-Sep-2003 |
| Ingrian Networks, Inc. | Vulnerable | 1-Oct-2003 |
| Intel | Unknown | 16-Sep-2003 |
| Intersoft International Inc. | Unknown | 16-Sep-2003 |
| Juniper Networks, Inc. | Vulnerable | 22-Sep-2003 |
| Lachman | Unknown | 16-Sep-2003 |
| Lsh | Unknown | 16-Sep-2003 |
| Lucent Technologies | Unknown | 16-Sep-2003 |
| MacSSH | Unknown | 16-Sep-2003 |
| Mandriva, Inc. | Vulnerable | 17-Sep-2003 |
| Mandriva, Inc. | Vulnerable | 18-Sep-2003 |
| Microsoft Corporation | Not Vulnerable | 16-Sep-2003 |
| Mirapoint | Vulnerable | 18-Sep-2003 |
| MontaVista Software, Inc. | Unknown | 16-Sep-2003 |
| Multi-Tech Systems Inc. | Unknown | 16-Sep-2003 |
| NEC Corporation | Unknown | 16-Sep-2003 |
| NetBSD | Vulnerable | 17-Sep-2003 |
| NETcomposite | Unknown | 16-Sep-2003 |
| NetScreen Technologies Inc. | Unknown | 16-Sep-2003 |
| Network Appliance | Vulnerable | 17-Sep-2003 |
| Nokia | Vulnerable | 18-Sep-2003 |
| Nortel Networks, Inc. | Unknown | 16-Sep-2003 |
| OpenBSD | Unknown | 16-Sep-2003 |
| OpenPKG | Vulnerable | 17-Sep-2003 |
| OpenSSH | Vulnerable | 17-Sep-2003 |
| Openwall GNU/*/Linux | Vulnerable | 18-Sep-2003 |
| Pragma Systems | Not Vulnerable | 1-Oct-2003 |
| Putty | Not Vulnerable | 16-Sep-2003 |
| Red Hat, Inc. | Vulnerable | 18-Sep-2003 |
| Redback Networks Inc. | Unknown | 16-Sep-2003 |
| Riverstone Networks | Vulnerable | 1-Oct-2003 |
| SCO | Vulnerable | 7-Oct-2003 |
| Secure Computing Corporation | Not Vulnerable | 22-Sep-2003 |
| Sequent Computer Systems, Inc. | Unknown | 16-Sep-2003 |
| SGI | Unknown | 16-Sep-2003 |
| Slackware | Vulnerable | 16-Sep-2003 |
| Sony Corporation | Unknown | 16-Sep-2003 |
| SSH Communications Security | Not Vulnerable | 17-Sep-2003 |
| Sun Microsystems, Inc. | Vulnerable | 16-Jan-2007 |
| SUSE Linux | Vulnerable | 18-Sep-2003 |
| TFS Technology | Vulnerable | 17-Sep-2003 |
| Top Layer Networks | Not Vulnerable | 18-Sep-2003 |
| Trustix | Vulnerable | 17-Sep-2003 |
| TTSSH/TeraTerm | Unknown | 16-Sep-2003 |
| Unisys | Unknown | 16-Sep-2003 |
| VanDyke Software Inc. | Not Vulnerable | 16-Sep-2003 |
| VMware | Vulnerable | 1-Oct-2003 |
| Wind River Systems, Inc. | Unknown | 16-Sep-2003 |
| Wirex | Unknown | 16-Sep-2003 |
| Zyxel | Unknown | 16-Sep-2003 |
References
http://www.openssh.com/txt/buffer.adv
http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000062.html
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssh/files/patch-buffer.c
http://www.secunia.com/advisories/10156/
Credit
Thanks to OpenSSH for information regarding this vulnerability.
This document was written by Jason A Rafail.
Other Information
| Date Public | 09/16/2003 |
| Date First Published | 09/16/2003 12:18:55 PM |
| Date Last Updated | 01/16/2007 |
| CERT Advisory | CA-2003-24 |
| CVE Name | CVE-2003-0693 |
| US-CERT Technical Alerts | |
| Metric | 28.98 |
| Document Revision | 20 |