TUCoPS :: Linux :: Debian :: dsa-382.htm

ssh - possible remote vulnerability

Debian Security Advisory

DSA-382-3 ssh -- possible remote vulnerability

Date Reported:
16 Sep 2003
Affected Packages:
ssh
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CAN-2003-0693, CAN-2003-0695, CAN-2003-0682.
CERT's vulnerabilities, advisories and incident notes: VU#333628, CA-2003-24.
More information:

A bug has been found in OpenSSH's buffer handling where a buffer could be marked as grown when the actual reallocation failed.

DSA-382-2: This advisory is an addition to the earlier DSA-382-1 advisory: two more buffer handling problems have been found in addition to the one described in DSA-382-1. It is not known if these bugs are exploitable, but as a precaution an upgrade is advised.

DSA-382-3: This advisory is an addition to the earlier DSA-382-1 and DSA-382-2 advisories: Solar Designer found four more bugs in OpenSSH that may be exploitable.

For the Debian stable distribution (woody) these bugs have been fixed in version 1:3.4p1-1.woody.3.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.dsc
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_alpha.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_arm.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_hppa.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_i386.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_ia64.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_m68k.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_m68k.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_mips.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_mipsel.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_powerpc.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_s390.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_sparc.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

MD5 checksums of the listed files are available in the original advisory.

MD5 checksums of the listed files are available in the original advisory.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH