{"vuid":"VU#333628","idnumber":"333628","name":"OpenSSH contains buffer management errors","keywords":["OpenSSH"],"overview":"Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities is unclear, they may lead to memory corruption and a denial-of-service situation.","clean_desc":"Versions of OpenSSH prior to 3.7.1 contain errors in the general handling of buffers. These vulnerabilities appear to occur due to some buffer management errors. Specifically, this is an issue with freeing the appropriate memory size on the heap. In certain cases, the memory cleared is too large and might cause heap corruption. Various network and embedded systems may use OpenSSH or derived code. These systems may also be affected by this issue. We have seen reports of exploitation that may be related to this issue.","impact":"The full impact of these vulnerabilities is unclear. The most likely impact is that the heap may be corrupted, leading to a denial of service. If it is possible to exploit this vulnerability in a manner that would allow the execution of arbitrary code, then an attacker may be able to do so with the privileges of the user running the sshd process, usually root. The impact may be limited on systems using the privilege separation feature available in OpenSSH for some systems.","resolution":"Apply patches\nThe OpenSSH development team has developed patches and an advisory for this issue. More details will be available at http://www.openssh.com/txt/buffer.adv\nUsers of systems that include OpenSSH software are encouraged to check the vendors section of this document for more information.","workarounds":"Disable or limit access to the ssh service\nFor those systems that do not require ssh to be enabled, we encourage users to disable the service. 
If the service cannot be disabled and patches cannot be applied, we recommend using a packet filter to limit access to the vulnerable service from only trusted hosts.","sysaffected":"","thanks":"Thanks to OpenSSH for information regarding this vulnerability.","author":"This document was written by Jason A Rafail.","public":["http://www.openssh.com/txt/buffer.adv","http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000062.html","http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssh/files/patch-buffer.c","http://www.secunia.com/advisories/10156/"],"cveids":["CVE-2003-0693"],"certadvisory":"CA-2003-24","uscerttechnicalalert":null,"datecreated":"2003-08-26T15:17:51Z","publicdate":"2003-09-16T00:00:00Z","datefirstpublished":"2003-09-16T16:18:56Z","dateupdated":"2008-08-12T19:48:43Z","revision":26,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"11","cam_internetinfrastructure":"20","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"14","cam_attackeraccessrequired":"20","cam_scorecurrent":"28.98","cam_scorecurrentwidelyknown":"32.13","cam_scorecurrentwidelyknownexploited":"37.8","ipprotocol":"tcp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":28.98,"vulnote":null}