ID CVE-2003-0695
Summary Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
References
Vulnerable Configurations
  • cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.2:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.3:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.0:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.1:p2:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.1:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.1:p3:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.1:p3:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.1:p4:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.1:p4:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.2.0:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.2.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.3.0:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.3.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.1:p2:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.1:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.2:p2:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.2:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9:p2:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9.9:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9.9:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.2:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.3:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.3:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.3:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.5:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1:p2:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1:p1:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1:p2:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1:p2:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2010-09-20T04:00:27.401-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
family unix
id oval:org.mitre.oval:def:452
status accepted
submitted 2003-09-21T12:00:00.000-04:00
title Mutliple Buffer Management Errors in OpenSSH
version 37
redhat via4
advisories
  • rhsa
    id RHSA-2003:279
  • rhsa
    id RHSA-2003:280
refmap via4
bugtraq
  • 20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
  • 20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01)
conectiva CLA-2003:741
confirm http://www.openssh.com/txt/buffer.adv
debian
  • DSA-382
  • DSA-383
engarde ESA-20030918-024
freebsd FreeBSD-SA-03:12
mandrake MDKSA-2003:090
misc http://marc.info/?l=openbsd-security-announce&m=106375582924840
suse SuSE-SA:2003:039
trustix 2003-0033
statements via4
contributor Mark J Cox
lastmodified 2007-06-01
organization Red Hat
statement Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Last major update 03-05-2018 - 01:29
Published 06-10-2003 - 04:00
Back to Top