SCO Information for VU#333628

OpenSSH contains buffer management errors



Vendor Statement

Hash: SHA1


SCO Security Advisory

Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
Advisory number: CSSA-2003-SCO.24
Issue date: 2003 October 1
Cross reference: sr884749 fz528324 erg712436 CERT VU#33362 CERT VU#602204 CAN-2003-0693  CAN-2003-0786 CAN-2003-0695 CAN-2003-0682

1. Problem Description

Several buffer management errors and memory bugs are
corrected by this patch.

The Common Vulnerabilities and Exposures project
( has assigned the following
names to these issues. CAN-2003-0693, CAN-2003-0695,
CAN-2003-0682, CAN-2003-0786.

The CERT Coordination Center has assigned the following
names VU#333628, and VU#602204.

CERT VU#333628 / CAN-2003-0693: A "buffer management error"
in buffer_append_space of buffer.c for OpenSSH before 3.7
may allow remote attackers to execute arbitrary code by
causing an incorrect amount of memory to be freed and
corrupting the heap, a different vulnerability than

CAN-2003-0695: Multiple "buffer management errors" in
OpenSSH before 3.7.1 may allow attackers to cause a denial
of service or execute arbitrary code using (1) buffer_init
in buffer.c, (2) buffer_free in buffer.c, or (3) a separate
function in channels.c, a different vulnerability than

CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier,
with unknown impact, a different set of vulnerabilities
than CAN-2003-0693 and CAN-2003-0695.

CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions
3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the
new PAM code. At least one of these bugs is remotely
exploitable (under a non-standard configuration, with
privsep disabled). OpenServer is not configured to use PAM,
so is not vulnerable.

2. Vulnerable Supported Versions

System Binaries
OpenServer 5.0.7 OpenSSH Distribution

3. Solution

The proper solution is to install the latest packages.

4. OpenServer 5.0.7

4.1 Location of Fixed Binaries

4.2 Verification

MD5 (VOL.000.000) = f36194ca559c850794874f9c7a0b2a18
MD5 (VOL.000.001) = 02b76bd551a0a95f2544b8999c6fbcbf
MD5 (VOL.000.002) = 6818513c946dbcd43a3f34fc19ef79fc
MD5 (VOL.000.003) = 8149c475968c3d7318eda33f30ce8045

md5 is available for download from

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to the /tmp directory

2) Run the custom command, specify an install from media
images, and specify the /tmp directory as the location of
the images.

5. References

Specific references for this advisory:

SCO security resources:

This security fix closes SCO incidents sr884749 fz528324

6. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO


Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)


Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.