CVE-2002-0083
CVSS10.0
发布时间 :2002-03-15 00:00:00
修订时间 :2016-10-17 22:16:01
NMCOES    

[原文]Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.


[CNNVD]OpenSSH 'Channel'代码实现off-by-one漏洞(CNNVD-200203-034)

        
        OpenSSH是一个对SSH协议开放源码的,免费的实现。它对所有网络通讯进行加密传输,从而避开了许多网络层的攻击,是个很有用的网络连接工具。
        OpenSSH实现上存在缓冲区溢出漏洞,一个有合法登录帐号的用户可以利用此漏洞得到主机的root权限。
        为了实现X11、TCP和代理转发,OpenSSH在一个TCP连接上复用多个"channel"。OpenSSH在管理"channel"的代码实现上存在一个off-by-one(偏移一个单位)漏洞,程序可能会错误地使用正常范围之外的内存数据,一个有合法登录帐号的攻击者登录到系统以后可以利用此漏洞让sshd以root权限执行任意指令。一个恶意的ssh服务器也可能利用此漏洞在用户的客户机上执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CWE (弱点类目)

CWE-189 [数值错误]

- CPE (受影响的平台与产品)

cpe:/o:conectiva:linux:graficasConectiva Conectiva Linux graficas
cpe:/o:redhat:linux:7.0Red Hat Linux 7.0
cpe:/o:redhat:linux:7.1Red Hat Linux 7.1
cpe:/o:trustix:secure_linux:1.5Trustix Secure Linux 1.5
cpe:/o:redhat:linux:7.2Red Hat Linux 7.2
cpe:/o:suse:suse_linux:6.4::i386
cpe:/a:openbsd:openssh:2.5.2OpenBSD OpenSSH 2.5.2
cpe:/a:openbsd:openssh:2.9p1OpenBSD OpenSSH 2.9 p1
cpe:/o:trustix:secure_linux:1.2Trustix Secure Linux 1.2
cpe:/a:openbsd:openssh:2.9p2OpenBSD OpenSSH 2.9 p2
cpe:/o:trustix:secure_linux:1.1Trustix Secure Linux 1.1
cpe:/a:openbsd:openssh:2.5.1OpenBSD OpenSSH 2.5.1
cpe:/o:suse:suse_linux:7.1::spa
cpe:/a:openbsd:openssh:2.1OpenBSD OpenSSH 2.1
cpe:/a:openbsd:openssh:2.2OpenBSD OpenSSH 2.2
cpe:/a:openbsd:openssh:2.9.9OpenBSD OpenSSH 2.9.9
cpe:/o:conectiva:linux:5.0Conectiva Conectiva Linux 5.0
cpe:/o:suse:suse_linux:7.1::x86
cpe:/a:openbsd:openssh:2.3OpenBSD OpenSSH 2.3
cpe:/o:suse:suse_linux:7.0::ppc
cpe:/o:conectiva:linux:7.0Conectiva Conectiva Linux 7.0
cpe:/o:suse:suse_linux:7.3::ppc
cpe:/o:conectiva:linux:5.1Conectiva Conectiva Linux 5.1
cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2MandrakeSoft Mandrake Single Network Firewall 7.2
cpe:/o:mandrakesoft:mandrake_linux:7.2MandrakeSoft Mandrake Linux 7.2
cpe:/o:mandrakesoft:mandrake_linux:7.1MandrakeSoft Mandrake Linux 7.1
cpe:/o:suse:suse_linux:6.4:alphaSuSE SuSE Linux 6.4 alpha
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1MandrakeSoft Mandrake Linux Corporate Server 1.0.1
cpe:/a:immunix:immunix:7.0
cpe:/o:suse:suse_linux:7.0::i386
cpe:/a:openbsd:openssh:3.0.1OpenBSD OpenSSH 3.0.1
cpe:/o:suse:suse_linux:7.3::i386
cpe:/o:suse:suse_linux:7.1::sparc
cpe:/o:suse:suse_linux:7.0::sparc
cpe:/o:suse:suse_linux:7.2::i386
cpe:/o:suse:suse_linux:7.3::sparc
cpe:/a:openbsd:openssh:2.9OpenBSD OpenSSH 2.9
cpe:/a:openbsd:openssh:2.5OpenBSD OpenSSH 2.5
cpe:/o:engardelinux:secure_linux:1.0.1Engarde Secure Linux 1.0.1
cpe:/o:conectiva:linux:ecommerceConectiva Conectiva Linux ecommerce
cpe:/a:openpkg:openpkg:1.0OpenPKG 1.0
cpe:/o:suse:suse_linux:6.4::ppc
cpe:/o:conectiva:linux:6.0Conectiva Conectiva Linux 6.0
cpe:/o:suse:suse_linux:7.0:alphaSuSE SuSE Linux 7.0 alpha
cpe:/a:openbsd:openssh:2.1.1OpenBSD OpenSSH 2.1.1
cpe:/o:mandrakesoft:mandrake_linux:8.1MandrakeSoft Mandrake Linux 8.1
cpe:/o:mandrakesoft:mandrake_linux:8.0MandrakeSoft Mandrake Linux 8.0
cpe:/o:mandrakesoft:mandrake_linux:8.0::ppc
cpe:/o:suse:suse_linux:7.1:alphaSuSE SuSE Linux 7.1 alpha

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0083
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-034
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-02:13
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2002-004
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt
(UNKNOWN)  CALDERA  CSSA-2002-SCO.10
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt
(UNKNOWN)  CALDERA  CSSA-2002-SCO.11
http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html
(UNKNOWN)  BUGTRAQ  20020311 TSLSA-2002-0039 - openssh
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html
(UNKNOWN)  VULNWATCH  20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
(UNKNOWN)  CONECTIVA  CLA-2002:467
http://marc.info/?l=bugtraq&m=101552065005254&w=2
(UNKNOWN)  BUGTRAQ  20020307 [PINE-CERT-20020301] OpenSSH off-by-one
http://marc.info/?l=bugtraq&m=101553908201861&w=2
(UNKNOWN)  BUGTRAQ  20020307 OpenSSH Security Advisory (adv.channelalloc)
http://marc.info/?l=bugtraq&m=101561384821761&w=2
(UNKNOWN)  BUGTRAQ  20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)
http://marc.info/?l=bugtraq&m=101586991827622&w=2
(UNKNOWN)  BUGTRAQ  20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
http://online.securityfocus.com/advisories/3960
(UNKNOWN)  HP  HPSBTL0203-029
http://online.securityfocus.com/archive/1/264657
(UNKNOWN)  BUGTRAQ  20020328 OpenSSH channel_lookup() off by one exploit
http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt
(UNKNOWN)  CALDERA  CSSA-2002-012.0
http://www.debian.org/security/2002/dsa-119
(VENDOR_ADVISORY)  DEBIAN  DSA-119
http://www.iss.net/security_center/static/8383.php
(UNKNOWN)  XF  openssh-channel-error(8383)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:019
http://www.linuxsecurity.com/advisories/other_advisory-1937.html
(VENDOR_ADVISORY)  ENGARDE  ESA-20020307-007
http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html
(UNKNOWN)  SUSE  SuSE-SA:2002:009
http://www.openbsd.org/advisories/ssh_channelalloc.txt
(UNKNOWN)  CONFIRM  http://www.openbsd.org/advisories/ssh_channelalloc.txt
http://www.redhat.com/support/errata/RHSA-2002-043.html
(UNKNOWN)  REDHAT  RHSA-2002:043
http://www.securityfocus.com/bid/4241
(UNKNOWN)  BID  4241

- 漏洞信息

OpenSSH 'Channel'代码实现off-by-one漏洞
危急 边界条件错误
2002-03-15 00:00:00 2006-09-15 00:00:00
远程  
        
        OpenSSH是一个对SSH协议开放源码的,免费的实现。它对所有网络通讯进行加密传输,从而避开了许多网络层的攻击,是个很有用的网络连接工具。
        OpenSSH实现上存在缓冲区溢出漏洞,一个有合法登录帐号的用户可以利用此漏洞得到主机的root权限。
        为了实现X11、TCP和代理转发,OpenSSH在一个TCP连接上复用多个"channel"。OpenSSH在管理"channel"的代码实现上存在一个off-by-one(偏移一个单位)漏洞,程序可能会错误地使用正常范围之外的内存数据,一个有合法登录帐号的攻击者登录到系统以后可以利用此漏洞让sshd以root权限执行任意指令。一个恶意的ssh服务器也可能利用此漏洞在用户的客户机上执行任意指令。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 此问题没有好的临时解决方法,您应该尽快升级软件。如果不能及时升级,您应该限制不可信用户对sshd的访问。
        * 您也可以使用下列补丁:
        --- channels_old.c Mon Mar 4 02:07:06 2002
        +++ channels.c Mon Mar 4 02:07:16 2002
        @@ -151,7 +151,7 @@
         channel_lookup(int id)
         {
         Channel *c;
        - if (id < 0 || id > channels_alloc) {
        + if (id < 0 || id >= channels_alloc) {
         log("channel_lookup: %d: bad id", id);
         return NULL;
         }
        厂商补丁:
        Caldera
        -------
        Caldera已经为此发布了一个安全公告(CSSA-2002-SCO.10)以及相应补丁:
        CSSA-2002-SCO.10:OpenServer: OpenSSH channel code vulnerability
        链接:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.10
        补丁下载:
        OpenServer:
        ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/openssh-3.1p1-VOLS.tar
        从上述地址将补丁下载到/tmp目录下并展开:
         # cd /tmp
         # tar xvf openssh-3.1p1-VOLS.tar
        运行custom命令,指定从媒介映像中安装,将/tmp目录作为映像所在位置。
        Conectiva
        ---------
        Conectiva已经为此发布了一个安全公告(CLA-2002:467)以及相应补丁:
        CLA-2002:467:openssh
        链接:
        http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467

        补丁下载:
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/openssh-3.0.2p1-1U50_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-askpass-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-askpass-gnome-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-clients-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-server-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/openssh-3.0.2p1-1U51_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-3.0.2p1-1U51_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-askpass-3.0.2p1-1U51_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-askpass-gnome-3.0.2p1-1U51_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-clients-3.0.2p1-1U51_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-server-3.0.2p1-1U51_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openssh-3.0.2p1-1U60_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-3.0.2p1-1U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-askpass-3.0.2p1-1U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-askpass-gnome-3.0.2p1-1U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-clients-3.0.2p1-1U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-server-3.0.2p1-1U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssh-3.0.2p1-1U70_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-3.0.2p1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-3.0.2p1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-gnome-3.0.2p1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-clients-3.0.2p1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-server-3.0.2p1-1U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/openssh-3.0.2p1-1U50_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-askpass-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-askpass-gnome-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-clients-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-server-3.0.2p1-1U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/openssh-3.0.2p1-1U50_2cl.src.rpm
        

- 漏洞信息 (21314)

OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability (EDBID:21314)
unix remote
2002-03-07 Verified
0 Morgan
N/A [点击下载]
source: http://www.securityfocus.com/bid/4241/info

OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris, and other UNIX-like operating systems.

A vulnerability has been announced in some versions of OpenSSH. An off-by-one error occurs in the channel code. A malicious client may exploit this vulnerability by connecting to a vulnerable server. Valid credentials are believed to be required, since the exploitable condition reportedly occurs after successful authentication. An examination of the code suggests this, but it has not been confirmed by the maintainer.

Administrators should assume that this can be exploited without authentication and should patch vulnerable versions immediately. 

http://www.exploit-db.com/sploits/21314.tgz		

- 漏洞信息

730
OpenSSH Channel Code Off by One Remote Privilege Escalation
Local / Remote Input Manipulation
Loss of Integrity Upgrade
Exploit Public Third-party Verified

- 漏洞描述

OpenSSH contains an 'Off by One' error in the channel code, which an existing local user can use to gain root privileges. A malicious ssh server could also use this bug to exploit a connecting vulnerable client. No further details have been provided.

- 时间线

2002-03-07 Unknow
2002-03-07 Unknow

- 解决方案

Upgrade to version 3.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.

- 相关参考

- 漏洞作者

- 漏洞信息

OpenSSH Channel Code Off-By-One Vulnerability
Boundary Condition Error 4241
Yes No
2002-03-07 12:00:00 2007-11-05 03:25:00
Credited to Joost Pol <joost@pine.nl>.

- 受影响的程序版本

OpenSSH OpenSSH 3.0.2 p1
+ Guardian Digital Engarde Secure Linux 1.0.1
+ HP VirtualVault 4.6
OpenSSH OpenSSH 3.0.2
- Debian Linux 3.0
+ FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
+ FreeBSD FreeBSD 4.5 -RELEASE
+ OpenPKG OpenPKG 1.0
+ Openwall Openwall GNU/*/Linux 0.1 -stable
+ S.u.S.E. Linux 8.0
OpenSSH OpenSSH 3.0.1
OpenSSH OpenSSH 2.9.9
+ NetBSD NetBSD 1.5.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2
OpenSSH OpenSSH 2.9 p2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
+ FreeBSD FreeBSD 4.4 -RELENG
+ HP Secure OS software for Linux 1.0
+ Immunix Immunix OS 7.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux 7.0
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
+ Sun Cobalt RaQ 550
OpenSSH OpenSSH 2.9 p1
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
OpenSSH OpenSSH 2.9
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
+ FreeBSD FreeBSD 4.5 -RELEASE
+ FreeBSD FreeBSD 4.5
OpenSSH OpenSSH 2.5.2
- Caldera OpenUnix 8.0
- Caldera UnixWare 7.1.1
- Wirex Immunix OS 6.2
OpenSSH OpenSSH 2.5.1
+ NetBSD NetBSD 1.5.1
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. SuSE eMail Server III
- SCO Open Server 5.0.6 a
- SCO Open Server 5.0.6
- SCO Open Server 5.0.5
- SCO Open Server 5.0.4
- SCO Open Server 5.0.3
- SCO Open Server 5.0.2
- SCO Open Server 5.0.1
- SCO Open Server 5.0
+ SuSE SUSE Linux Enterprise Server 7
OpenSSH OpenSSH 2.5
OpenSSH OpenSSH 2.3
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 i386
- S.u.S.E. Linux 6.4 alpha
OpenSSH OpenSSH 2.2
+ Conectiva Linux 6.0
+ NetBSD NetBSD 1.5
OpenSSH OpenSSH 2.1.1
+ Conectiva Linux 5.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
OpenSSH OpenSSH 2.1
OpenBSD OpenBSD 2.8
OpenSSH OpenSSH 3.1

- 不受影响的程序版本

OpenSSH OpenSSH 3.1

- 漏洞讨论

OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris, and other UNIX-like operating systems.

A vulnerability has been announced in some versions of OpenSSH. An off-by-one error occurs in the channel code. A malicious client may exploit this vulnerability by connecting to a vulnerable server. Valid credentials are believed to be required, since the exploitable condition reportedly occurs after successful authentication. An examination of the code suggests this, but it has not been confirmed by the maintainer.

Administrators should assume that this can be exploited without authentication and should patch vulnerable versions immediately.

- 漏洞利用

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Attackers may be exploiting this vulnerability in the wild, but this has not been confirmed.

A proof-of-concept exploit has been provided by "Morgan" <morgan@sexter.com>:

- 解决方案

A patch has been provided by the OpenSSH team:

diff -u -r1.170 -r1.171
--- channels.c 27 Feb 2002 21:23:13 -0000 1.170
+++ channels.c 4 Mar 2002 19:37:58 -0000 1.171
@@ -146,7 +146,7 @@
{
Channel *c;

- if (id < 0 || id > channels_alloc) {
+ if (id < 0 || id >= channels_alloc) {
log("channel_lookup: %d: bad id", id);
return NULL;
}

Updated versions are available.

Please see the references for more information.


OpenSSH OpenSSH 2.1

OpenSSH OpenSSH 2.1.1

OpenSSH OpenSSH 2.2

OpenSSH OpenSSH 2.3

OpenSSH OpenSSH 2.5

OpenSSH OpenSSH 2.5.1

OpenSSH OpenSSH 2.5.2

OpenSSH OpenSSH 2.9

OpenSSH OpenSSH 2.9 p1

OpenSSH OpenSSH 2.9 p2

OpenSSH OpenSSH 2.9.9

OpenSSH OpenSSH 3.0.1

OpenSSH OpenSSH 3.0.2 p1

OpenSSH OpenSSH 3.0.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站