|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Openwall GNU/*/Linux Information for VU#333628
| Date Notified | 09/16/2003 |
| Date Modified | 10/15/2003 12:29:44 PM |
| Status Summary | Vulnerable |
Vendor StatementThe OpenSSH package in Openwall GNU/*/Linux did contain the buffer / memory management errors. As of 2003/09/17, we have included the fixes from OpenSSH 3.7.1 as well as 4 additional fixes to other such real or potential errors based on an exhaustive review of the OpenSSH source code for uses of *realloc() functions. At this time, it is uncertain whether and which of these bugs are exploitable. If exploits are possible, due to privilege separation, the worst direct impact should be limited to arbitrary code execution under the sshd pseudo-user account restricted within the chroot jail /var/empty, or under the logged in user accountUS-CERT AddendumThe CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |