10 - DSA-383

Executive Summary

Summary
Title	OpenSSH buffer management fix

Informations
Name	DSA-383	First vendor Publication	2003-09-17
Vendor	Debian	Last vendor Modification	2003-09-21
Severity (Vendor)	N/A	Revision	2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable.

For the Debian stable distribution these bugs have been fixed in version 1:3.4p1-0woody4 .

Original Source

Url : http://www.debian.org/security/2003/dsa-383

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2719

Oval ID:	oval:org.mitre.oval:def:2719
Title:	Buffer Management Error in OpenSSH
Description:	A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0693	Version:	1
Platform(s):	Sun Solaris 9	Product(s):	OpenSSH
Definition Synopsis:
Software section Solaris 9 Installed AND NOT Patch 113273-04 or later installed AND Configuration section sshd running

Definition Id: oval:org.mitre.oval:def:446

Oval ID:	oval:org.mitre.oval:def:446
Title:	Memory Bugs in OpenSSH
Description:	"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0682	Version:	4
Platform(s):	Red Hat Linux 9	Product(s):	OpenSSH
Definition Synopsis:
Software section Red Hat 9 is installed AND ix86 architecture AND openssh-server version is less than 3.5p1-11 AND Configuration section sshd listens on the network

Definition Id: oval:org.mitre.oval:def:447

Oval ID:	oval:org.mitre.oval:def:447
Title:	Mutliple Buffer Management Errors in OpenSSH II
Description:	A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0693	Version:	4
Platform(s):	Red Hat Linux 9	Product(s):	OpenSSH
Definition Synopsis:
Software section Red Hat 9 is installed AND ix86 architecture AND openssh-server version is less than 3.5p1-11 AND Configuration section sshd listens on the network

Definition Id: oval:org.mitre.oval:def:452

Oval ID:	oval:org.mitre.oval:def:452
Title:	Mutliple Buffer Management Errors in OpenSSH
Description:	Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0695	Version:	4
Platform(s):	Red Hat Linux 9	Product(s):	OpenSSH
Definition Synopsis:
Software section Red Hat 9 is installed AND ix86 architecture AND openssh-server version is less than 3.5p1-11 AND Configuration section sshd listens on the network

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openbsd Openssh cpe:2.3:a:openbsd:openssh:5.8:p1:::::: cpe:2.3:a:openbsd:openssh:5.8:-:::::: cpe:2.3:a:openbsd:openssh:5.8:p2:::::: cpe:2.3:a:openbsd:openssh:5.7:p1:::::: cpe:2.3:a:openbsd:openssh:5.7:-:::::: cpe:2.3:a:openbsd:openssh:5.6:p1:::::: cpe:2.3:a:openbsd:openssh:5.6:-:::::: cpe:2.3:a:openbsd:openssh:5.5:p1:::::: cpe:2.3:a:openbsd:openssh:5.5:-:::::: cpe:2.3:a:openbsd:openssh:5.4:p1:::::: cpe:2.3:a:openbsd:openssh:5.4:-:::::: cpe:2.3:a:openbsd:openssh:5.3:p1:::::: cpe:2.3:a:openbsd:openssh:5.3:-:::::: cpe:2.3:a:openbsd:openssh:5.2:p1:::::: cpe:2.3:a:openbsd:openssh:5.2:-:::::: cpe:2.3:a:openbsd:openssh:5.1:p1:::::: cpe:2.3:a:openbsd:openssh:5.1:-:::::: cpe:2.3:a:openbsd:openssh:5.0:p1:::::: cpe:2.3:a:openbsd:openssh:5.0:-:::::: cpe:2.3:a:openbsd:openssh:4.9:-:::::: cpe:2.3:a:openbsd:openssh:4.9:p1:::::: cpe:2.3:a:openbsd:openssh:4.8:-:::::: cpe:2.3:a:openbsd:openssh:4.8:p1:::::: cpe:2.3:a:openbsd:openssh:4.7:-:::::: cpe:2.3:a:openbsd:openssh:4.7:p1:::::: cpe:2.3:a:openbsd:openssh:4.6:-:::::: cpe:2.3:a:openbsd:openssh:4.6:p1:::::: cpe:2.3:a:openbsd:openssh:4.5:-:::::: cpe:2.3:a:openbsd:openssh:4.5:p1:::::: cpe:2.3:a:openbsd:openssh:4.4:-:::::: cpe:2.3:a:openbsd:openssh:4.4:p1:::::: cpe:2.3:a:openbsd:openssh:4.3:-:::::: cpe:2.3:a:openbsd:openssh:4.3:p1:::::: cpe:2.3:a:openbsd:openssh:4.3:p2:::::: cpe:2.3:a:openbsd:openssh:4.2:-:::::: cpe:2.3:a:openbsd:openssh:4.2:p1:::::: cpe:2.3:a:openbsd:openssh:4.1:-:::::: cpe:2.3:a:openbsd:openssh:4.1:p1:::::: cpe:2.3:a:openbsd:openssh:4.0:-:::::: cpe:2.3:a:openbsd:openssh:4.0:p1:::::: cpe:2.3:a:openbsd:openssh:3.9.1:::::::* cpe:2.3:a:openbsd:openssh:3.9.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.9:-:::::: cpe:2.3:a:openbsd:openssh:3.9:p1:::::: cpe:2.3:a:openbsd:openssh:3.8.1:-:::::: cpe:2.3:a:openbsd:openssh:3.8.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.8:-:::::: cpe:2.3:a:openbsd:openssh:3.8:p1:::::: cpe:2.3:a:openbsd:openssh:3.7.1:-:::::: cpe:2.3:a:openbsd:openssh:3.7.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.7.1:p2:::::: cpe:2.3:a:openbsd:openssh:3.7:::::::* cpe:2.3:a:openbsd:openssh:3.6.1:-:::::: cpe:2.3:a:openbsd:openssh:3.6.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.6.1:p2:::::: cpe:2.3:a:openbsd:openssh:3.6:-:::::: cpe:2.3:a:openbsd:openssh:3.6:p1:::::: cpe:2.3:a:openbsd:openssh:3.5:-:::::: cpe:2.3:a:openbsd:openssh:3.5:p1:::::: cpe:2.3:a:openbsd:openssh:3.4:-:::::: cpe:2.3:a:openbsd:openssh:3.4:p1:::::: cpe:2.3:a:openbsd:openssh:3.3:-:::::: cpe:2.3:a:openbsd:openssh:3.3:p1:::::: cpe:2.3:a:openbsd:openssh:3.2.3:-:::::: cpe:2.3:a:openbsd:openssh:3.2.3:p1:::::: cpe:2.3:a:openbsd:openssh:3.2.2:-:::::: cpe:2.3:a:openbsd:openssh:3.2.2:p1:::::: cpe:2.3:a:openbsd:openssh:3.2:::::::* cpe:2.3:a:openbsd:openssh:3.1:-:::::: cpe:2.3:a:openbsd:openssh:3.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.0.2:-:::::: cpe:2.3:a:openbsd:openssh:3.0.2:p1:::::: cpe:2.3:a:openbsd:openssh:3.0.1:-:::::: cpe:2.3:a:openbsd:openssh:3.0.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.0:-:::::: cpe:2.3:a:openbsd:openssh:3.0:p1:::::: cpe:2.3:a:openbsd:openssh:2.9.9:p2:::::: cpe:2.3:a:openbsd:openssh:2.9.9:-:::::: cpe:2.3:a:openbsd:openssh:2.9.9:p1:::::: cpe:2.3:a:openbsd:openssh:2.9:-:::::: cpe:2.3:a:openbsd:openssh:2.9:p1:::::: cpe:2.3:a:openbsd:openssh:2.9:p2:::::: cpe:2.3:a:openbsd:openssh:2.5.2:-:::::: cpe:2.3:a:openbsd:openssh:2.5.2:p2:::::: cpe:2.3:a:openbsd:openssh:2.5.1:-:::::: cpe:2.3:a:openbsd:openssh:2.5.1:p1:::::: cpe:2.3:a:openbsd:openssh:2.5.1:p2:::::: cpe:2.3:a:openbsd:openssh:2.5:::::::* cpe:2.3:a:openbsd:openssh:2.3.1:::::::* cpe:2.3:a:openbsd:openssh:2.3.0:-:::::: cpe:2.3:a:openbsd:openssh:2.3.0:p1:::::: cpe:2.3:a:openbsd:openssh:2.3:::::::* cpe:2.3:a:openbsd:openssh:2.2.0:-:::::: cpe:2.3:a:openbsd:openssh:2.2.0:p1:::::: cpe:2.3:a:openbsd:openssh:2.2:::::::* cpe:2.3:a:openbsd:openssh:2.1.1:-:::::: cpe:2.3:a:openbsd:openssh:2.1.1:p1:::::: cpe:2.3:a:openbsd:openssh:2.1.1:p2:::::: cpe:2.3:a:openbsd:openssh:2.1.1:p3:::::: cpe:2.3:a:openbsd:openssh:2.1.1:p4:::::: cpe:2.3:a:openbsd:openssh:2.1.0:-:::::: cpe:2.3:a:openbsd:openssh:2.1.0:p1:::::: cpe:2.3:a:openbsd:openssh:2.1:::::::* cpe:2.3:a:openbsd:openssh:2:::::::* cpe:2.3:a:openbsd:openssh:1.5.8:::::::* cpe:2.3:a:openbsd:openssh:1.5.7:::::::* cpe:2.3:a:openbsd:openssh:1.5:::::::* cpe:2.3:a:openbsd:openssh:1.3:::::::* cpe:2.3:a:openbsd:openssh:1.2.3:-:::::: cpe:2.3:a:openbsd:openssh:1.2.3:p1:::::: cpe:2.3:a:openbsd:openssh:1.2.27:::::::* cpe:2.3:a:openbsd:openssh:1.2.2:-:::::: cpe:2.3:a:openbsd:openssh:1.2.2:p1:::::: cpe:2.3:a:openbsd:openssh:1.2.1:::::::* cpe:2.3:a:openbsd:openssh:1.2:::::::* cpe:2.3:a:openbsd:openssh:::::::: cpe:2.3:a:openbsd:openssh:-:::::::*	117

OpenVAS Exploits

Date	Description
2008-09-04	Name : FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc) File : nvt/freebsdsa_openssh.nasl
2008-01-17	Name : Debian Security Advisory DSA 382-1 (ssh) File : nvt/deb_382_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 382-2 (ssh) File : nvt/deb_382_2.nasl
2008-01-17	Name : Debian Security Advisory DSA 382-3 (ssh) File : nvt/deb_382_3.nasl
2008-01-17	Name : Debian Security Advisory DSA 383-1 (ssh-krb5) File : nvt/deb_383_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 383-2 (ssh-krb5) File : nvt/deb_383_2.nasl
0000-00-00	Name : Slackware Advisory SSA:2003-266-01 New OpenSSH packages File : nvt/esoft_slk_ssa_2003_266_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
6601	OpenSSH realloc() Unspecified Memory Errors OpenSSH contains memory flaws with unspecified consequences. The issue is triggered when realloc() is called. No further information has been provided.
3456	OpenSSH buffer_append_space() Heap Corruption A remote overflow exists in the buffer_append_space of buffer.c in OpenSSH. OpenSSH fails to check the amount of memory being freed, resulting in a buffer overflow. With a specially crafted request, an attacker can cause denial of service or execution of arbitrary code, resulting in a loss of integrity and/or availability.
2557	OpenSSH Multiple Buffer Management Multiple Overflows OpenSSH contains several flaws that may allow remote attackers to execute arbitrary code. The issues occur in the buffer_init and buffer_free functions in buffer.c, as well as an separate function also called buffer_free in channels.c. These functions may provide an attacker with the opportunity to inject custom data that could result in memory manipulation and possibly code execution.

Nessus® Vulnerability Scanner

Date	Description
2011-08-29	Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2003-266-01.nasl - Type : ACT_GATHER_INFO
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-382.nasl - Type : ACT_GATHER_INFO
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-383.nasl - Type : ACT_GATHER_INFO
2004-07-31	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-090.nasl - Type : ACT_GATHER_INFO
2004-07-25	Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2003_038.nasl - Type : ACT_GATHER_INFO
2004-07-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-280.nasl - Type : ACT_GATHER_INFO
2004-07-06	Name : The RedHat version have been identified. File : redhat_fixes.nasl - Type : ACT_GATHER_INFO
2003-09-16	Name : The remote SSH service is affected by various memory bugs. File : openssh_36.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:32:53	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	4
CPE ID(s)	117
osvdb(s)	3
Openvas Exploit(s)	7
Nessus® Exploit(s)	9

	Related
10	CVE-2003-0693
7.5	CVE-2003-0695
7.5	CVE-2003-0682
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

10 - DSA-383

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU