
CERT Coordination Center

OpenSSH contains buffer management errors

Vulnerability Note VU#333628

Original Release Date: 2003-09-16 | Last Revised: 2008-08-12

Overview

Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities is unclear, they may lead to memory corruption and a denial-of-service situation.

Description

Versions of OpenSSH prior to 3.7.1 contain errors in the general handling of buffers. The vulnerabilities appear to stem from buffer management errors, specifically in freeing the appropriate amount of memory on the heap. In certain cases, the memory cleared is too large, which might cause heap corruption.
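The following is an added example, not OpenSSH code and not part of the original note: a simplified C model of the error class described above, where a buffer's recorded size comes to exceed the real heap block so that cleanup would clear too much, shown beside a corrected ordering. One way such a mismatch can arise is by updating the size field before a growth request is validated; all names (`struct buf`, `grow_weak`, `grow_safe`, `release`, `run`, `BUF_MAX`) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUF_MAX 4096  /* constructed size limit for this model */
/* alloc: size the bookkeeping records; real: size realloc returned (model only) */
struct buf { unsigned char *data; size_t alloc, real; };

/* Weak ordering: alloc is raised before the limit check and the realloc,
 * so a refused request leaves alloc larger than the block. */
int grow_weak(struct buf *b, size_t len) {
    b->alloc += len;
    if (b->alloc > BUF_MAX) return -1;  /* error path, alloc already changed */
    unsigned char *p = realloc(b->data, b->alloc);
    if (p == NULL) return -1;
    b->data = p; b->real = b->alloc;
    return 0;
}

/* Corrected ordering: work on a local, commit only after success. */
int grow_safe(struct buf *b, size_t len) {
    if (len > BUF_MAX - b->alloc) return -1;  /* also rules out size_t wrap */
    size_t newlen = b->alloc + len;
    unsigned char *p = realloc(b->data, newlen);
    if (p == NULL) return -1;
    b->data = p; b->alloc = b->real = newlen;
    return 0;
}

/* Cleanup meant to zero alloc bytes before free. Returns how many of them lie
 * past the real block; the model clamps the memset so nothing is written there. */
size_t release(struct buf *b) {
    size_t excess = b->alloc > b->real ? b->alloc - b->real : 0;
    if (b->data != NULL) memset(b->data, 0, b->alloc - excess);
    free(b->data);
    return excess;
}

/* Grow to 1024 bytes, make an oversized request that is refused, clean up. */
size_t run(int (*grow)(struct buf *, size_t)) {
    struct buf b = {NULL, 0, 0};
    if (grow(&b, 1024) != 0) return (size_t)-1;
    grow(&b, 8192);  /* refused: 1024 + 8192 > BUF_MAX */
    return release(&b);
}

int main(void) {
    printf("weak: %zu, safe: %zu\n", run(grow_weak), run(grow_safe));
    return 0;
}
```

With the weak ordering, a cleanup routine that trusted `alloc` would zero 8192 bytes beyond the 1024-byte block; with the corrected ordering the recorded and real sizes never diverge.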

Various network and embedded systems may use OpenSSH or derived code. These systems may also be affected by this issue.

We have seen reports of exploitation that may be related to this issue.

Impact

The full impact of these vulnerabilities is unclear. The most likely impact is that the heap may be corrupted, leading to a denial of service.
If it is possible to exploit this vulnerability in a manner that would allow the execution of arbitrary code, then an attacker may be able to do so with the privileges of the user running the sshd process, usually root. The impact may be limited on systems using the privilege separation feature available in OpenSSH for some systems.

Solution

Apply patches
The OpenSSH development team has developed patches and an advisory for this issue. More details will be available at http://www.openssh.com/txt/buffer.adv

Users of systems that include OpenSSH software are encouraged to check the vendors section of this document for more information.

Disable or limit access to the ssh service

For those systems that do not require ssh to be enabled, we encourage users to disable the service. If the service cannot be disabled and patches cannot be applied, we recommend using a packet filter to limit access to the vulnerable service to trusted hosts only.

Vendor Information



CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to OpenSSH for information regarding this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2003-0693
CERT Advisory: CA-2003-24
Severity Metric: 28.98
Date Public: 2003-09-16
Date First Published: 2003-09-16
Date Last Updated: 2008-08-12 19:48 UTC
Document Revision: 26

Sponsored by CISA.