OpenSSH is a program that provides secure connections and communications between clients and servers. Channels are used to segregate different kinds of traffic between the client and the server.
OpenSSH versions 2.0 - 3.0.2 contain an off-by-one overflow of an array in the code that handles channels. For an attack against the server, the attacker must be able to authenticate to the system in order to exploit this vulnerability. For an attack against the client, the client must connect to a malicious server.
An attacker is able to execute arbitrary code with the privileges of the sshd process on the server. The sshd process usually runs as root/superuser. A malicious server is able to execute arbitrary code on the vulnerable client's machine with the privileges of the current user.
Upgrade to OpenSSH version 3.1.
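The class of bug described above, shown as an added example that is not OpenSSH source code: a table lookup whose bounds check admits one index past the end, beside the corrected check. The names `channel_t`, `TABLE_SLOTS`, `lookup_flawed` and `lookup_fixed` are hypothetical, and a guard element stands in for adjacent memory so the flawed path can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>

#define TABLE_SLOTS 4                    /* constructed size, not OpenSSH's */

typedef struct { int id; } channel_t;    /* hypothetical channel record */

/* One extra element stands in for whatever memory follows the real array,
 * so the flawed lookup can be observed without undefined behaviour. */
static channel_t storage[TABLE_SLOTS + 1];
static channel_t *const table = storage;             /* valid ids: 0..TABLE_SLOTS-1 */
static channel_t *const guard = &storage[TABLE_SLOTS];

static void table_init(void)
{
    for (int i = 0; i < TABLE_SLOTS; i++)
        table[i].id = i;
    guard->id = -1;                      /* marks "not part of the table" */
}

/* Flawed: '>' lets id == TABLE_SLOTS through, one element past the end. */
static channel_t *lookup_flawed(int id)
{
    if (id < 0 || id > TABLE_SLOTS)
        return NULL;
    return &table[id];
}

/* Corrected: '>=' rejects every index outside 0..TABLE_SLOTS-1. */
static channel_t *lookup_fixed(int id)
{
    if (id < 0 || id >= TABLE_SLOTS)
        return NULL;
    return &table[id];
}

int main(void)
{
    table_init();
    printf("flawed(%d) -> %s\n", TABLE_SLOTS,
           lookup_flawed(TABLE_SLOTS) == guard ? "adjacent memory" : "rejected");
    printf("fixed(%d)  -> %s\n", TABLE_SLOTS,
           lookup_fixed(TABLE_SLOTS) == NULL ? "rejected" : "accepted");
    return 0;
}
```

When auditing similar code, compare every index check against the allocation size used for the array: an inclusive upper bound on a zero-based index is the pattern to look for.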
Hewlett Packard Affected
Openwall GNU/*/Linux Affected
Red Hat Affected
Debian Not Affected
F-Secure Not Affected
Fujitsu Not Affected
SGI Not Affected
SSH Communications Security Not Affected
This vulnerability was discovered by Joost Pol.
This document was written by Jason Rafail.
Date First Published: 2002-03-07
Date Last Updated: 2002-04-02 16:23 UTC