ID CVE-2003-0682
Summary "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
References
Vulnerable Configurations
  • OpenBSD OpenSSH 3.7.1
    cpe:2.3:a:openbsd:openssh:3.7.1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-382.NASL
    description A bug has been found in OpenSSH's buffer handling where a buffer could be marked as grown when the actual reallocation failed. DSA-382-2: This advisory is an addition to the earlier DSA-382-1 advisory: two more buffer handling problems have been found in addition to the one described in DSA-382-1. It is not known if these bugs are exploitable, but as a precaution an upgrade is advised. DSA-382-3: This advisory is an addition to the earlier DSA-382-1 and DSA-382-2 advisories: Solar Designer found four more bugs in OpenSSH that may be exploitable.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15219
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15219
    title Debian DSA-382-3 : ssh - possible remote vulnerability
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2003-280.NASL
    description Updated OpenSSH packages are now available that fix bugs that may be remotely exploitable. [Updated 17 Sep 2003] Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0695 to these additional issues. We have also included fixes from Solar Designer for some additional memory bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0682 to these issues. OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login sessions and port forwarding, among other functions. The OpenSSH team has announced a bug which affects the OpenSSH buffer handling code. This bug has the potential of being remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0693 to this issue. All users of OpenSSH should immediately apply this update which contains a backported fix for this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12421
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12421
    title RHEL 2.1 : openssh (RHSA-2003:280)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-383.NASL
    description Several bugs have been found in OpenSSH's buffer handling. It is not known if these bugs are exploitable, but as a precaution an upgrade is advised. DSA-383-2: This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15220
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15220
    title Debian DSA-383-2 : ssh-krb5 - possible remote vulnerability
  • NASL family Gain a shell remotely
    NASL id OPENSSH_36.NASL
    description According to its banner, the remote SSH server is running a version of OpenSSH older than 3.7.1. Such versions are vulnerable to a flaw in the buffer management functions that might allow an attacker to execute arbitrary commands on this host. An exploit for this issue is rumored to exist. Note that several distributions patched this hole without changing the version number of OpenSSH. Since Nessus solely relied on the banner of the remote SSH server to perform this check, this might be a false positive. If you are running a RedHat host, make sure that the command : rpm -q openssh-server returns : openssh-server-3.1p1-13 (RedHat 7.x) openssh-server-3.4p1-7 (RedHat 8.0) openssh-server-3.5p1-11 (RedHat 9)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 11837
    published 2003-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11837
    title OpenSSH < 3.7.1 Multiple Vulnerabilities
  • NASL family Misc.
    NASL id SUNSSH_PLAINTEXT_RECOVERY.NASL
    description The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. An attacker could exploit this to gain access to sensitive information. Note that this version of SunSSH is also prone to several additional issues but Nessus did not test for them.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 55992
    published 2011-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55992
    title SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure
oval via4
accepted 2010-09-20T04:00:26.670-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
family unix
id oval:org.mitre.oval:def:446
status accepted
submitted 2003-09-21T12:00:00.000-04:00
title Memory Bugs in OpenSSH
version 36
redhat via4
advisories
  • rhsa
    id RHSA-2003:279
  • rhsa
    id RHSA-2003:280
refmap via4
bugtraq 20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
conectiva CLA-2003:741
debian
  • DSA-382
  • DSA-383
engarde ESA-20030918-024
freebsd FreeBSD-SA-03:12
suse SuSE-SA:2003:039
statements via4
contributor Joshua Bressers
lastmodified 2007-03-27
organization Red Hat
statement Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Last major update 17-10-2016 - 22:36
Published 06-10-2003 - 00:00
Last modified 02-05-2018 - 21:29