Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: October 01, 2003
Affected
AppGate versions from 4.0 up to and including 5.3.1 do include the vulnerable code. Patches are available from the appgate support pages at http://www.appgate.com.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: October 01, 2003
Affected
Apple: Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X versions prior to 10.2.8, the vulnerability is limited to a denial of service from the possibility of causing sshd to crash. Each login session has its own sshd, so established connections are preserved up to the point where system resources are exhausted by an attack.
To deliver the update in a rapid and reliable manner, only the patches for CVE IDs listed above were applied, and not the entire set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
Mac OS X 10.2.8 is available as a free update for customers running Mac OS X 10.2.x. It is available from:
Mac OS X Client (updating from 10.2 - 10.2.5): http://www.info.apple.com/kbnum/n120244
Mac OS X Client (updating from 10.2.6 - 10.2.7): http://www.info.apple.com/kbnum/n120245
Mac OS X Server (updating from 10.2 - 10.2.5): http://www.info.apple.com/kbnum/n120246
Mac OS X Server (updating from 10.2.6 - 10.2.7): http://www.info.apple.com/kbnum/n120247
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Not Affected
Our software shares no codebase with the OpenSSH implementation, therefore we believe that, in our products, this problem does not exist.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 17, 2003
Affected
Cisco has some products which are vulnerable to this issue. Cisco's response is now published at http://www.cisco.com/warp/public/707/cisco-sa-20030917-openssh.shtml
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Affected
Cray Inc. supports OpenSSH through its Cray Open Software (COS) package. Cray is vulnerable to this buffer management error and is in the process of compiling OpenSSH 3.7. The new version will be made available in the next COS release.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 22, 2003
Affected
Cyclades Corporation Position: Our Cyclades-TS and AlterPath ACS families have been updated against this vulnerability. Please go to Cyclades download page at: http://www.cyclades.com/support/downloads.php All other Cyclades products are not affected by this advisory.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 17, 2003
Affected
Debian has issued DSA 382 and DSA 383 for these issues. http://www.debian.org/security/2003/dsa-382 http://www.debian.org/security/2003/dsa-383
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: October 15, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see
Notified: September 16, 2003 Updated: September 18, 2003
Affected
FreeBSD-SA-03:12 Security Advisory
FreeBSD, Inc.
Topic: OpenSSH buffer management error
Category: core, ports
Module: openssh, ports_openssh, openssh-portable
Announced: 2003-09-16
Credits: The OpenSSH Project
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 18, 2003
Affected
This vulnerability does not affect any version of F-Secure SSH software that utilizes ssh protocol version 2. The non-affected versions have been available since 1998. This vulnerability only affects the following F-Secure SSH server versions: F-Secure SSH for Unix versions 1.3.14 and earlier. More information is available from http://www.f-secure.com/support/technical/ssh/ssh1_openssh_buffer_management.shtml
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 22, 2003
Not Affected
Fujitsu's UXP/V o.s. is not affected by the problem in VU#333628 because it does not support the SSH.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 18, 2003
Affected
Guardian Digital Security Advisory, September 18, 2003
http://www.guardiandigital.com
ESA-20030918-024
Packages: openssh, openssh-clients, openssh-server
Summary: additional buffer management bugs.
EnGarde Secure Linux is an enterprise class Linux platform engineered to enable corporations to quickly and cost-effectively build a complete and secure Internet presence while preventing Internet threats.
OVERVIEW
After the release of ESA-20030916-023, the OpenSSH team discovered more buffer management bugs (fixed in OpenSSH 3.7.1) of the same type. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to this issue.
Additionally, Solar Designer fixed additional bugs of this class. His fixes are included in this update. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0682 to this issue.
Guardian Digital products affected by this issue include:
EnGarde Secure Community v1.0.1
EnGarde Secure Community 2
EnGarde Secure Professional v1.1
EnGarde Secure Professional v1.2
EnGarde Secure Professional v1.5
It is recommended that all users apply this update as soon as possible.
SOLUTION
Guardian Digital Secure Network subscribers may automatically update affected systems by accessing their account from within the Guardian
Digital WebTool. To modify your GDSN account and contact preferences, please go to: https://www.guardiandigital.com/account/
Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:
REFERENCES
Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
OpenSSH's Official Web Site: http://www.openssh.com/
Guardian Digital Advisories: http://infocenter.guardiandigital.com/advisories/
Security Contact: security@guardiandigital.com
Author: Ryan W. Maple
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 18, 2003
Unknown
Hewlett-Packard Company
SOURCE: Hewlett-Packard Company Software Security Response Team (SSRT)
Date: 16 September, 2003
CROSS REFERENCE ID: SSRT3629
At the time of writing this document, Hewlett Packard is currently investigating the potential impact to HP released operating system software. HP will provide notice of the availability of any necessary patches through standard security bulletin announcements and be available from your normal HP Services support channel.
To report any security issue for any HP software products send email to security-alert@hp.com
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: October 07, 2003
Not Affected
Hitachi HI-UX/WE2 is NOT vulnerable, because it does not support OpenSSH.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: October 01, 2003
Affected
The AIX Security Team is aware of the issues discussed in CERT Vulnerability Note VU#333628 and CERT Advisory CA-2003-24.
OpenSSH is available for AIX via the AIX Toolbox for Linux or the Bonus Pack.
OpenSSH 3.4p1, revision 9 contains fixes for this issue for the AIX Toolbox for Linux. For more information about the AIX Toolbox for Linux or to download OpenSSH 3.4p1 revision 9, please see: http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html
Please note that AIX Toolbox for Linux is available "as-is" and is unwarranted.
Patched versions of OpenSSH for the Bonus Pack on AIX 5.1 and 5.2 are available. Please see: http://oss.software.ibm.com/developerworks/projects/opensshi
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 22, 2003
Affected
For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=3D In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration. All questions should be referred to servsec@us.ibm.com.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: October 01, 2003
Affected
Ingrian Networks Security Advisory ING-2003-05
Revision 1.0
Dated: 9/22/2003
Posted: https://www.ingrian.com/support/iwsc/security.php
Summary
The Ingrian DataSecure platform secures business applications and data. This advisory describes a vulnerability in all Ingrian platforms. This vulnerability is in the SSH server, which is used for secure access to the command line interface (CLI). There are buffer overflow bugs in the SSH server that could allow an attacker who can connect to the ssh port to crash the SSH server. At this time there are no known exploits, nor are there any known attacks that exploit the buffer overflow to obtain access to an Ingrian device. There is a workaround: block access to port 22 (ssh) at the firewall. Applying the appropriate patch from those listed below will fix the vulnerability. The patches are available at https://www.ingrian.com/support/iwsc/security.php
Affected Products
All releases of the IngrianOS.
Details
Sshd, prior to version 3.71, contains buffer overflow bugs that can allow an attacker to crash the program. This vulnerability was announced in CERT advisory CA-2003-24 (http://www.cert.org/advisories/CA-2003-24.html)
Impact
An attacker could use this vulnerability to perform a denial-of-service attack on an Ingrian device. Since the Ingrian watches and restarts critical services, even if the vulnerability were exploited on an Ingrian device, the period that service would be denied is short. If attackers develop exploits that put the attacker's code on the stack, it would be possible for them to obtain access to the affected machines. Ingrian is not aware of any exploits currently in the field.
Software Versions and Fixes
This vulnerability is fixed in these patches:
2.6.3p02
2.8.2p02
2.9.0p07
These patches are released as "untested" patches, meaning that they have gone through an acceptance test but have not yet passed the full QA cycle. Fully tested patches will be released shortly. Please contact your Ingrian representative.
Obtaining A Fix
Customers with service contracts should go through the regular update channels to obtain the software upgrades identified in this advisory. For most customers with service contracts, this means that upgrades should be obtained through the Ingrian Support Center at https://www.ingrian.com/suppport
Workarounds
This vulnerability exists only when attackers can access the ssh port, port 22. Disabling access to port 22 at the outer firewall prevents the attack. See your firewall vendors' documentation for details. Another workaround is to disable SSH Administration. To do this, select Maintenance, then Services. Click on 'SSH Administration' and then click the 'disable startup' button. Then click 'Stop'.
Source
This vulnerability was reported in CERT announcement CA-2003-24.
Revision History
Version 1.0, dated 9/19/2003
Copyright
This advisory is copyright 2003 by Ingrian Networks, Inc. This advisory may be redistributed freely, provided that redistributed copies are complete and unmodified, including all date and version information.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 22, 2003
Affected
Juniper Networks has identified this vulnerability in all shipping versions of JUNOS and coded a software fix. The fix will be included in all releases of JUNOS Internet software built on or after September 17. Customers with current support contracts should contact JTAC to obtain the fix for this vulnerability. JUNOSe and SDX are not vulnerable to this issue. Contract customers can review the details at: https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2003-09-007&actionBtn=Search
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 18, 2003
Affected
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : openssh
SUMMARY : Remote vulnerabilities
DATE : 2003-09-17 18:48:00
ID : CLA-2003:741
RELEVANT RELEASES : 7.0, 8, 9
DESCRIPTION
OpenSSH[1] is a very popular and versatile tool that uses encrypted connections between hosts and is commonly used for remote administration.
This update fixes new vulnerabilities found in the code that handles buffers in OpenSSH. These vulnerabilities are similar to the ones fixed in the CLSA-2003:739 announcement[2] (CAN-2003-0693) and can be exploited by a remote attacker to cause a denial of service condition and potentially execute arbitrary code (although there is still no concrete evidence of that). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to this additional issue[3].
The OpenSSH team released the version 3.7.1 which fixes this vulnerability[4]. This update contains the versions originally distributed with Conectiva Linux added of backported patches.
Additionally, patches made by Solar Designer to fix memory bugs in other parts of the code are being added. Although it is unlikely that these bugs are exploitable, they are being treated as security fixes by now and have the name CAN-2003-0682 assigned[5] by The Common Vulnerabilities and Exposures project (cve.mitre.org).
SOLUTION
It is recommended that all OpenSSH users upgrade their packages. The ssh service will be automatically restarted during the upgrade if it is already running. Current ssh sessions will remain open during the restart.
REFERENCES:
1. http://www.openssh.org
2. http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000739&idioma=en
3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695
4. http://www.openssh.com/txt/buffer.adv
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-gnome-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-clients-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-server-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssh-3.4p1-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-gnome-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-clients-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-server-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssh-3.4p1-1U80_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-gnome-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-clients-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-server-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/openssh-3.5p1-27767U90_2cl.src.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and
upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 17, 2003
Affected
Mandrake Linux Security Update Advisory
Package name: openssh
Advisory ID: MDKSA-2003:090-1
Date: September 17th, 2003
Original Advisory Date: September 16th, 2003
Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2
Problem Description:
A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild.
MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible.
Update:
The OpenSSH developers discovered more, similar, problems and revised the patch to correct these issues. These new packages have the latest patch fix applied.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695
http://www.kb.cert.org/vuls/id/333628
http://www.openssh.com/txt/buffer.adv
Updated Packages:
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
To upgrade automatically, use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to update.
You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 18, 2003
Affected
Mirapoint released a patch (D3_SSH_CA_2003_24) last night to fix the first reported vulnerability and will release D3_SSH_CA_2003_24_1 to cover the second.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: August 12, 2008 Updated: August 12, 2008
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 16, 2003 Updated: September 17, 2003
Affected
The NetBSD Security Advisory on the OpenSSH buffer management issue is available here: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-012.txt.asc
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: August 12, 2008
Affected
This issue applies only to SecureAdmin on Data ONTAP versions earlier than 6.4.3, and SecureAdmin for NetCache releases earlier than 5.5R2. All current releases (NetCache 5.6, 6.0 and 6.1, and Filer 6.5, 7.0, 7.1, 7.2, 7.3 and 10.0) have been secured against this issue. If you have an affected release: Disable the SSH server on the filer or NetCache appliance, or if it must remain enabled, ensure that the ssh.access option (config.admin.trusted_hosts in NetCache) is used to restrict ssh connections to authorized administrative hosts.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: September 16, 2003 Updated: September 18, 2003
Affected
Nokia confirms that IPSO and IPSO-SX are affected by the vulnerability described in CERT Coordination Center Vulnerability Note VU#333628. We are currently backporting the patches provided by the OpenSSH team into the OpenSSH versions deployed within IPSO and IPSO-SX. According to CERT/CC, the most likely impact of the vulnerability is the potential for a DoS attack if an exploit script is repeatedly executed against the same device. This potential can be eliminated by restricting access to SSH, allowing access only from trusted workstations by using either Access Control Lists (ACLs) or firewall rules to restrict access to TCP port 22. To prevent automated scanners from successfully exploiting this vulnerability, ensure that the SSH server does not run on the default port of TCP 22 and is running on an alternate port, preferably above port 1024. In IPSO, this can be done by going to the "Security and Access Configuration" section in Voyager and selecting "SSH (Secure Shell)," then click on the "Go to the advanced server options page" link. From here, under the "Configure Server Protocol Details" heading, the TCP port number for the SSH service can be changed to a different value. We expect to provide updated releases of IPSO and IPSO-SX the week of September 22, 2003.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 17, 2003
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security@openpkg.org                         openpkg@openpkg.org
OpenPKG-SA-2003.040                                          17-Sep-2003

Package:             openssh
Vulnerability:       arbitrary code execution
OpenPKG Specific:    no

Affected Releases:   Affected Packages:          Corrected Packages:
OpenPKG CURRENT      <= openssh-3.7p1-20030916   >= openssh-3.7.1p1-20030917
OpenPKG 1.3          <= openssh-3.6.1p2-1.3.1    >= openssh-3.6.1p2-1.3.2
OpenPKG 1.2          <= openssh-3.5p1-1.2.3      >= openssh-3.5p1-1.2.4

Dependent Packages:  none

Description:
  According to an OpenSSH [1] Security Advisory [0], 2nd revision, all
  versions of OpenSSH's sshd(8) prior to version 3.7.1 contain buffer
  management errors. The discovery of additional similar errors by
  Solar Designer shows that version 3.7.1 is affected, too. Those errors
  may allow remote attackers to execute arbitrary code by causing an
  incorrect amount of memory to be cleared and corrupting the heap on
  fatal cleanups.

  The Common Vulnerabilities and Exposures (CVE) project assigned
  the id CAN-2003-0693 [2] to the problem, as initially explained
  in the 1st revision of the OpenSSH Security Advisory [0]. In the
  current 2nd revision, similar problems were described and fixed, too.

  Additionally, Solar Designer found 4 more problematic instances
  of similar memory management errors. The corrected OpenPKG packages
  (see versions above) contain the collected bug fixes for all of those
  errors.

  Please check whether you are affected by running "
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 17, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
This issue is resolved in version 3.7.1. Please see the OpenSSH advisory at: http://www.openssh.com/txt/buffer.adv
Notified: September 16, 2003 Updated: September 18, 2003
Affected
The OpenSSH package in Openwall GNU/*/Linux did contain the buffer / memory management errors. As of 2003/09/17, we have included the fixes from OpenSSH 3.7.1 as well as 4 additional fixes to other such real or potential errors based on an exhaustive review of the OpenSSH source code for uses of *realloc() functions. At this time, it is uncertain whether and which of these bugs are exploitable. If exploits are possible, due to privilege separation, the worst direct impact should be limited to arbitrary code execution under the sshd pseudo-user account restricted within the chroot jail /var/empty, or under the logged in user account
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: October 01, 2003
Not Affected
We have tested our code and double checked for the code vulnerability and we have found that our code is NOT vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Not Affected
PuTTY is not based on the OpenSSH code base, so it should not be vulnerable to any OpenSSH-specific attacks.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 18, 2003
Affected
Red Hat Linux and Red Hat Enterprise Linux ship with an OpenSSL package vulnerable to these issues. Updated OpenSSL packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool. Red Hat Linux: http://rhn.redhat.com/errata/RHSA-2003-279.html Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2003-280.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: October 01, 2003
Affected
Riverstone Networks has issued an advisory on this issue at http://www.riverstonenet.com/support/tb0265-9.html.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: October 07, 2003
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SCO Security Advisory

Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
Advisory number: CSSA-2003-SCO.24
Issue date: 2003 October 1
Cross reference: sr884749 fz528324 erg712436 CERT VU#33362 CERT VU#602204 CAN-2003-0693 CAN-2003-0786 CAN-2003-0695 CAN-2003-0682

1. Problem Description

Several buffer management errors and memory bugs are corrected by this patch.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to these issues. CAN-2003-0693, CAN-2003-0695, CAN-2003-0682, CAN-2003-0786.

The CERT Coordination Center has assigned the following names VU#333628, and VU#602204.

CERT VU#333628 / CAN-2003-0693: A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695

CAN-2003-0695: Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CAN-2003-0693.

CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CAN-2003-0693 and CAN-2003-0695.

CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). OpenServer is not configured to use PAM, so is not vulnerable.

2. Vulnerable Supported Versions

System Binaries
OpenServer 5.0.7 OpenSSH Distribution

3. Solution

The proper solution is to install the latest packages.

4. OpenServer 5.0.7

4.1 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.24

4.2 Verification

MD5 (VOL.000.000) = f36194ca559c850794874f9c7a0b2a18
MD5 (VOL.000.001) = 02b76bd551a0a95f2544b8999c6fbcbf
MD5 (VOL.000.002) = 6818513c946dbcd43a3f34fc19ef79fc
MD5 (VOL.000.003) = 8149c475968c3d7318eda33f30ce8045

md5 is available for download from ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.

5. References

Specific references for this advisory:
http://www.openssh.com/txt/buffer.adv
http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/security/openssh/files/patch-buffer.c
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940
http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=106375582924840

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr884749 fz528324 erg712436.

6. Disclaimer

SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/eyW6aqoBO7ipriERAugiAJwP8ehQ81QNC7EuX8NEkINrtvII0gCfTbZl
HrkB1nNF8uxgUSgnWHR61O4=
=p5ga
-----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 22, 2003
Not Affected
Sidewinder(r) and Sidewinder G2 Firewall(tm) (including all appliances) Not Vulnerable. Sidewinder v5.x & Sidewinder G2 v6.x's embedded Type Enforcement(r) technology strictly limits the capabilities of Secure Computing's modified version of the OpenSSH daemon code integrated into the firewall's SecureOS operating system. Any attempt to exploit this vulnerability in the OpenSSH daemon code running on the firewalls results in an automatic termination of the attacker's connection and multiple Type Enforcement alarms. Gauntlet(tm) & e-ppliance Not Vulnerable. Gauntlet and e-ppliance do not include SSH server software, and are thus immune to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 16, 2003
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)

Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and - -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.

Here are the details from the Slackware 9.0 ChangeLog:

Tue Sep 16 11:13:05 PDT 2003
patches/packages/openssh-3.7p1-i386-1.tgz: Upgraded to openssh-3.7p1.
From the OpenSSH Security Advisory (http://www.openssh.com/txt/buffer.adv):
"All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively."
(* Security fix *)

WHERE TO FIND THE NEW PACKAGES:

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.7p1-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-3.7p1-i386-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-3.7p1-i486-1.tgz

MD5 SIGNATURES:

Slackware 8.1 package:
a86d410e47fe8ab4a8e9f04293a94093 openssh-3.7p1-i386-1.tgz

Slackware 9.0 package:
ca1d0b1e658c5391067f2a9cf11fc239 openssh-3.7p1-i386-1.tgz

Slackware -current package:
c58003eaaf4362c8475f0f5a77f2adbb openssh-3.7p1-i486-1.tgz

INSTALLATION INSTRUCTIONS:

(This procedure is safe to do while logged in through OpenSSH)

Upgrade using upgradepkg (as root):
# upgradepkg openssh-3.7p1-i386-1.tgz

Restart OpenSSH:
. /etc/rc.d/rc.sshd restart

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|   unsubscribe slackware-security                                       |
| You will get a confirmation message back. Follow the instructions to   |
| complete the unsubscription. Do not reply to this message to           |
| unsubscribe!                                                           |

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/Z1e9akRjwEAQIjMRAmufAJ9LzlDM92HI9GHUD6VBb7XszGvnQwCfd9cf
REvURD6OFDRCs4EhBQUsnuk=
=7iqn
-----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 17, 2003
Not Affected
SSH Secure Shell products do not contain the buffer management error. SSH Communications Security products have a different code base than OpenSSH.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: January 16, 2007
Affected
The Solaris Secure Shell in Solaris 9 is impacted by this issue described in CERT Vulnerability Note VU#333628. Sun has published Sun Alert 56861 available here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-56861-1 which details the impact, contributing factors, workaround options, and resolution. This issue does not affect the Solaris Secure Shell in Solaris 10.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 18, 2003
Affected
-----BEGIN PGP SIGNED MESSAGE-----

SuSE Security Announcement

Package: openssh (second release)
Announcement-ID: SuSE-SA:2003:039
Date: Thursday, Sep 18 2003 20:00 MEST
Affected products: 7.2, 7.3, 8.0, 8.1, 8.2
    SuSE Linux Database Server,
    SuSE eMail Server III, 3.1
    SuSE Linux Enterprise Server 7, 8
    SuSE Linux Firewall on CD/Admin host
    SuSE Linux Connectivity Server
    SuSE Linux Office Server
    SuSE Linux Standard Server 8
Vulnerability Type: potential remote privilege escalation
Severity (1-10): 8
SuSE default package: yes
Cross References: http://www.openssh.com/txt/buffer.adv
    CERTVU#333628 http://www.kb.cert.org/vuls/id/333628
    CVE CAN-2003-0693
    CVE CAN-2003-0695
    CVE CAN-2003-0682

Content of this advisory:
1) security vulnerability resolved: openssh
   problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
   - mysql
3) standard appendix (further information)

1) problem description, brief discussion, solution, upgrade information

The openssh package is the most widely used implementation of the secure
shell protocol family (ssh). It provides a set of network connectivity
tools for remote (shell) login, designed to substitute the traditional
BSD-style r-protocols (rsh, rlogin). openssh has various authentication
mechanisms and many other features such as TCP connection and X11 display
forwarding over the fully encrypted network connection as well as file
transfer facilities.

This is a new release of SuSE Security Announcement (openssh),
ID SuSE-SA:2003:038. A set of new bugs were addressed by the openssh
development team. These bugs are fixed in the new 3.7.1 upstream release
of the openssh package; we have added the necessary changes to our
packages preserving the package version to avoid the risk of incompatible
behaviour of the software.

Specifics about the errors found:

(Topic for SuSE Security Announcement SuSE-SA:2003:038:)
A programming error has been found in code responsible for buffer
management. If exploited by a (remote) attacker, the error may lead to
unauthorized access to the system, allowing the execution of arbitrary
commands. The error is known as the buffer_append_space()-bug and is
assigned the Common Vulnerabilities and Exposures (CVE) name CAN-2003-0693.
The error was cause for the upstream release openssh-3.7.

(Topic for SuSE Security Announcement SuSE-SA:2003:039 (this announcement))
Programming errors of a similar kind as described above have been found in
other portions of the code, with similar effects. These errors are known
as "buffer.c/channels.c bug", the CVE name for these errors is CAN-2003-0695.
This set of errors was cause for the upstream release openssh-3.7.1.

In addition to the fixes for the buffer.c/channels.c bugs we have added
some changes that have been assembled by Solar Designer during his review
of the source code. These fixes are considered a precautious measure and
are not believed to have a significant effect on the security of the
openssh code.

At the time of writing this announcement, we believe that at least one set
of errors as described above is exploitable by a remote attacker. As a
reminder, at the time of writing the SuSE Security Announcement
SuSE-SA:2003:038 it was unclear if the bug addressed with the announcement
(buffer_append_space()-bug) is exploitable. An increasing amount of TCP
connection attempts to port 22 as observed in the internet during the
past days may indicate that there exists an exploit for the error in the
public.

Please note that we have disabled the Privilege Separation feature in
the ssh daemon (sshd) with this update. The PrivSep feature is designed
to have parts of the ssh daemon's work running under lowered privileges,
thereby limiting the effect of a possible vulnerability in the code. The
PrivSep feature is turned on/off by the UsePrivilegeSeparation keyword
in sshd's configuration file /etc/ssh/sshd_config. The feature is held
responsible for malfunctions in PAM (Pluggable Authentication Modules).
The update mechanism will not overwrite configuration files that have
been altered after the package installation.

SPECIAL INSTALL INSTRUCTIONS:

After the update has been successfully applied, the ssh daemon (sshd)
must be restarted for update package to become effective. To restart the
ssh daemon after the update, please run the following command as root:

    rcsshd restart

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.

Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.

2) Pending vulnerabilities in SuSE Distributions and Workarounds:

- A buffer overflow vulnerability has been found in the mysql package,
an Open Source relational database system. The error may allow a remote
attacker to execute arbitrary code with the privileges of the database
process.
We are in the process of building and testing the update packages and
will release them with a SuSE Security Announcement as soon as possible.

3) standard appendix: authenticity verification, additional information

- Package authenticity verification:

SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:

1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.

1) execute the command
md5sum
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 17, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 18, 2003
Not Affected
This notification is to inform you that Top Layer products are not susceptible to the recently announced OpenSSH vulnerability (versions prior to 3.7.1) which appears to occur as a result of buffer management errors. Specifically, this is an issue with freeing the appropriate memory size on the heap, where in certain cases, the memory cleared is too large and might cause heap corruption. More detailed information about this vulnerability can be found at: OpenSSH link: http://www.openssh.com/txt/buffer.adv Top Layer Networks advises following best security practices by restricting the management of any Top Layer device to required address range and ports, as well as denying access to all protocols that are not required.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 17, 2003
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Trustix Secure Linux Security Advisory #2003-0033

Package name:      openssh
Summary:           Buffer Management error
Date:              2003-09-17
Affected versions: TSL 1.2, 1.5, 2.0

Package description:
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).

Problem description:
Taken from the announcement of openssh 3.7.1:

All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management
errors. It is uncertain whether these errors are potentially exploitable,
however, we prefer to see bugs fixed proactively.

OpenSSH 3.7 fixed one of these bugs.

OpenSSH 3.7.1 fixes more similar bugs.

The TSL team has chosen to backport these fixes into the various versions
of openssh packaged in TSL.

Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.

Location:
All TSL updates are available from
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Not Affected
No VanDyke products are affected by this vulnerability. VanDyke does not use any OpenSSH code.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: October 01, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://www.vmware.com/download/esx/esx152-patch5.html
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 16, 2003 Updated: September 16, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.