CVE-2003-0693
CVSS 10.0
Published: 2003-09-22 00:00:00
Last revised: 2016-10-17 22:36:38

[Original] A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.


[CNNVD] OpenSSH Buffer Management Remote Overflow Vulnerability (CNNVD-200309-032)

        
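        OpenSSH is an open-source implementation of the SSH protocol. It was originally written for OpenBSD and has since been ported to many Unix/Linux-like operating systems.
        OpenSSH versions before 3.7 contain a buffer management error. A remote attacker may be able to use it to cause a denial of service, or possibly to execute arbitrary commands on the system with the privileges of the OpenSSH process.
        When OpenSSH receives a packet longer than the currently allocated buffer, it tries to reallocate a larger block of memory. The variable that records the current buffer size is increased accordingly, and the new length is then checked against the permitted limit. If the check fails, fatal() is called to clean up and exit. In some circumstances the cleanup code may free the buffer using the new, larger length even though the buffer was never actually enlarged, so data beyond the buffer is overwritten with NULL values. This can lead to a denial of service or to execution of arbitrary commands.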
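
The ordering problem described above, as a simplified C model added here for illustration (it is not OpenSSH's buffer.c). The struct, the function names, the `real` field, the initial size, the growth step and the `BUF_MAX` limit are all assumptions; the out-of-bounds cleanup is only measured, never performed.

```c
#include <stdio.h>
#include <stdlib.h>

#define BUF_MAX 0xa00000u /* assumed size limit for this model */
#define GROW    32768u    /* assumed headroom added on each growth */

struct buffer {
    unsigned char *buf;
    size_t alloc; /* size the bookkeeping believes is allocated */
    size_t real;  /* size actually obtained from the allocator (model only) */
};

static int buffer_init(struct buffer *b)
{
    b->alloc = b->real = 4096;
    b->buf = calloc(1, b->real);
    return b->buf ? 0 : -1;
}

/* Flawed ordering: the size field is raised before the limit check, so an
 * early exit (fatal() in the description) leaves alloc larger than the block. */
static int grow_flawed(struct buffer *b, size_t len)
{
    b->alloc += len + GROW;
    if (b->alloc > BUF_MAX)
        return -1; /* bookkeeping already inflated, buffer not enlarged */
    unsigned char *p = realloc(b->buf, b->alloc);
    if (p == NULL)
        return -1;
    b->buf = p;
    b->real = b->alloc;
    return 0;
}

/* Corrected ordering: validate a local value, reallocate, then commit. */
static int grow_fixed(struct buffer *b, size_t len)
{
    if (len > BUF_MAX || b->alloc + len + GROW > BUF_MAX)
        return -1; /* buffer state untouched on failure */
    size_t newlen = b->alloc + len + GROW;
    unsigned char *p = realloc(b->buf, newlen);
    if (p == NULL)
        return -1;
    b->buf = p;
    b->alloc = b->real = newlen;
    return 0;
}

/* Bytes that a cleanup of the form memset(buf, 0, alloc) would write past
 * the real allocation. Computed only; the model never performs that write. */
static size_t cleanup_overrun(const struct buffer *b)
{
    return b->alloc > b->real ? b->alloc - b->real : 0;
}

/* Send one oversized request through either variant and report the overrun. */
static size_t overrun_after_oversized(int use_fixed)
{
    struct buffer b;
    if (buffer_init(&b) != 0)
        return (size_t)-1;
    int rc = use_fixed ? grow_fixed(&b, BUF_MAX) : grow_flawed(&b, BUF_MAX);
    size_t over = (rc == -1) ? cleanup_overrun(&b) : 0;
    free(b.buf);
    return over;
}

int main(void)
{
    printf("flawed ordering: cleanup would overrun by %zu bytes\n",
           overrun_after_oversized(0));
    printf("fixed ordering:  cleanup would overrun by %zu bytes\n",
           overrun_after_oversized(1));
    return 0;
}
```

The invariant to check in any patched build is that the recorded size never exceeds what the allocator actually returned at any point where an error path can run.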
        

- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

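- OVAL (technical details for detection)

oval:org.mitre.oval:def:447 Multiple Buffer Management Errors in OpenSSH II
oval:org.mitre.oval:def:2719 Buffer Management Error in OpenSSH
*OVAL describes in detail how to detect this vulnerability; further technical details on detection can be found in the related OVAL definitions.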

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0693
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200309-032
(Official data source) CNNVD

- Other links and resources

http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html
(UNKNOWN)  FULLDISC  20030915 new ssh exploit?
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html
(UNKNOWN)  FULLDISC  20030915 openssh remote exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html
(UNKNOWN)  FULLDISC  20030916 The lowdown on SSH vulnerability
http://marc.info/?l=bugtraq&m=106373247528528&w=2
(UNKNOWN)  BUGTRAQ  20030916 OpenSSH Buffer Management Bug Advisory
http://marc.info/?l=bugtraq&m=106373546332230&w=2
(UNKNOWN)  REDHAT  RHSA-2003:279
http://marc.info/?l=bugtraq&m=106374466212309&w=2
(UNKNOWN)  BUGTRAQ  20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)
http://marc.info/?l=bugtraq&m=106381396120332&w=2
(UNKNOWN)  TRUSTIX  2003-0033
http://marc.info/?l=bugtraq&m=106381409220492&w=2
(UNKNOWN)  BUGTRAQ  20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1
(UNKNOWN)  SUNALERT  1000620
http://www.cert.org/advisories/CA-2003-24.html
(UNKNOWN)  CERT  CA-2003-24
http://www.debian.org/security/2003/dsa-382
(UNKNOWN)  DEBIAN  DSA-382
http://www.debian.org/security/2003/dsa-383
(UNKNOWN)  DEBIAN  DSA-383
http://www.kb.cert.org/vuls/id/333628
(VENDOR_ADVISORY)  CERT-VN  VU#333628
http://www.mandriva.com/security/advisories?name=MDKSA-2003:090
(UNKNOWN)  MANDRAKE  MDKSA-2003:090
http://www.openssh.com/txt/buffer.adv
(UNKNOWN)  CONFIRM  http://www.openssh.com/txt/buffer.adv
http://www.redhat.com/support/errata/RHSA-2003-280.html
(UNKNOWN)  REDHAT  RHSA-2003:280
http://xforce.iss.net/xforce/xfdb/13191
(VENDOR_ADVISORY)  XF  openssh-packet-bo(13191)

- Vulnerability information

OpenSSH Buffer Management Remote Overflow Vulnerability
Critical  Boundary condition error
2003-09-22 00:00:00 2006-03-28 00:00:00
Remote
        
        

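- Advisories and patches

        Temporary workarounds:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Filter access to the SSH service, normally port 22/TCP, from untrusted IP addresses at the perimeter or host firewall.
        * Use privilege separation to minimize the impact.
        System administrators running OpenSSH 3.2 or later can reduce the impact of this vulnerability by using the "UsePrivilegeSeparation" option in the sshd configuration file. In general, this is done by creating a privsep user, setting up a restricted (chroot) environment, and then adding the following line to /etc/ssh/sshd_config:
         UsePrivilegeSeparation yes
        This workaround does not prevent an attacker from exploiting the vulnerability, but because of the privilege separation mechanism the attacker is confined to a restricted chroot environment with limited privileges. It also does not prevent the vulnerability from causing a denial of service. Not all operating system vendors have implemented the privilege separation code, and on some operating systems the code may also limit OpenSSH functionality.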
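        Vendor patches:
        Debian
        ------
        Debian has released a security advisory (DSA-382-1) and corresponding patches for this issue:
        DSA-382-1: OpenSSH buffer management fix
        Link:
        http://www.debian.org/security/2002/dsa-382

        Patch download: packages are available from the advisory linked above.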
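        Patch installation:
        1. Install the patch package manually:
         First, download the patch with the following command:
         # wget url (url is the patch download link)
         Then install the patch with the following command:
         # dpkg -i file.deb (file is the name of the corresponding patch package)
        2. Install the patch package automatically with apt-get:
         First, update the internal database with the following command:
         # apt-get update

         Then install the updated packages with the following command:
         # apt-get upgrade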
        FreeBSD
        -------
        FreeBSD has released a security advisory (FreeBSD-SA-03:12) and corresponding patches for this issue:
        FreeBSD-SA-03:12: OpenSSH buffer management error
        Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc
        The following patches have been verified to apply to FreeBSD 4.x and FreeBSD 5.x systems prior to the correction date.
        Download the appropriate patch and its PGP signature from the locations below, and verify the signature with your PGP utility.
        [FreeBSD 4.3 through 4.5]
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch.asc
        [FreeBSD 4.6 and later, FreeBSD 5.0 and later]
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch.asc
        Execute the following commands as root:
        # cd /usr/src
        # patch < /path/to/sshd.patch
        # cd /usr/src/secure/lib/libssh
        # make depend && make all install
        # cd /usr/src/secure/usr.sbin/sshd
        # make depend && make all install
        # cd /usr/src/secure/usr.bin/ssh
        # make depend && make all install
        Be sure to restart `sshd' after upgrading.
        # kill `cat /var/run/sshd.pid`
        # (. /etc/rc.conf && ${sshd_program:-/usr/bin/sshd} ${sshd_flags})
        [For the OpenSSH port]
        Do one of the following:
        1) Upgrade your entire ports collection and rebuild the OpenSSH port.
        2) Deinstall the old package and install a new package from the following directories:
        [i386]
        ftp://ftp.FreeBSD.org/pu

- Vulnerability information

3456
OpenSSH buffer_append_space() Heap Corruption
Local Access Required, Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

A remote overflow exists in the buffer_append_space of buffer.c in OpenSSH. OpenSSH fails to check the amount of memory being freed, resulting in a buffer overflow. With a specially crafted request, an attacker can cause denial of service or execution of arbitrary code, resulting in a loss of integrity and/or availability.

- Timeline

2003-09-16 Unknown
Unknown Unknown

- Solution

Upgrade to version 3.7 or higher, as it has been reported to fix this vulnerability. Vendor specific patches have also been supplied for earlier versions. Other potential workarounds are to restrict SSH access to trusted hosts or disable the service completely.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

OpenSSH Buffer Mismanagement Vulnerabilities
Boundary Condition Error 8628
Yes No
2003-09-16 12:00:00 2009-11-05 11:47:00
These issues were reportedly discovered by Mark Dowd, the OpenSSH team and Solar Designer.

- Affected program versions

Sun Solaris 9_x86
Sun Solaris 9
Sun Cobalt RaQ 550
Stonesoft StoneGate 2.2.1
Stonesoft StoneGate 2.2
Stonesoft StoneGate 2.1
Stonesoft StoneGate 2.0.9
Stonesoft StoneGate 2.0.8
Stonesoft StoneGate 2.0.7
Stonesoft StoneGate 2.0.6
Stonesoft StoneGate 2.0.5
Stonesoft StoneGate 2.0.4
Stonesoft StoneGate 2.0.1
Stonesoft StoneGate 1.7.2
Stonesoft StoneGate 1.7.1
Stonesoft StoneGate 1.7
Stonesoft StoneGate 1.6.3
Stonesoft StoneGate 1.6.2
Stonesoft StoneGate 1.5.18
Stonesoft StoneGate 1.5.17
Snapgear Snapgear OS 1.8.4
SGI IRIX 6.5.22
SGI IRIX 6.5.21 m
SGI IRIX 6.5.21 f
SGI IRIX 6.5.21
SGI IRIX 6.5.20 m
SGI IRIX 6.5.20 f
SGI IRIX 6.5.20
SGI IRIX 6.5.19 m
SGI IRIX 6.5.19 f
SGI IRIX 6.5.19
SCO Open Server 5.0.7
RedHat openssh-server-3.5p1-6.i386.rpm
RedHat openssh-server-3.4p1-2.i386.rpm
+ RedHat Linux 8.0 i386
RedHat openssh-server-3.1p1-3.i386.rpm
RedHat openssh-server-2.9p2-7.ia64.rpm
RedHat openssh-server-2.9p2-7.i386.rpm
RedHat openssh-server-2.5.2p2-5.i386.rpm
RedHat openssh-clients-3.5p1-6.i386.rpm
+ RedHat Linux 9.0 i386
RedHat openssh-clients-3.4p1-2.i386.rpm
+ RedHat Linux 8.0 i386
RedHat openssh-clients-3.1p1-3.i386.rpm
RedHat openssh-clients-2.9p2-7.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat openssh-clients-2.9p2-7.i386.rpm
RedHat openssh-clients-2.5.2p2-5.i386.rpm
RedHat openssh-askpass-gnome-3.5p1-6.i386.rpm
RedHat openssh-askpass-gnome-3.4p1-2.i386.rpm
RedHat openssh-askpass-gnome-3.1p1-3.i386.rpm
RedHat openssh-askpass-gnome-2.9p2-7.ia64.rpm
RedHat openssh-askpass-gnome-2.9p2-7.i386.rpm
RedHat openssh-askpass-gnome-2.5.2p2-5.i386.rpm
+ RedHat Linux 7.1
RedHat openssh-askpass-3.5p1-6.i386.rpm
RedHat openssh-askpass-3.4p1-2.i386.rpm
RedHat openssh-askpass-3.1p1-3.i386.rpm
RedHat openssh-askpass-2.9p2-7.ia64.rpm
RedHat openssh-askpass-2.9p2-7.i386.rpm
RedHat openssh-askpass-2.5.2p2-5.i386.rpm
RedHat openssh-3.5p1-6.i386.rpm
+ RedHat Linux 9.0 i386
RedHat openssh-3.4p1-2.i386.rpm
RedHat openssh-3.1p1-3.i386.rpm
+ RedHat Linux 7.3 i386
RedHat openssh-2.9p2-7.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat openssh-2.9p2-7.i386.rpm
+ RedHat Linux 7.2
RedHat openssh-2.5.2p2-5.i386.rpm
OpenSSH OpenSSH 3.7 p1
OpenSSH OpenSSH 3.7
OpenSSH OpenSSH 3.6.1 p2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Trustix Secure Linux 2.0
OpenSSH OpenSSH 3.6.1 p1
OpenSSH OpenSSH 3.6.1
OpenSSH OpenSSH 3.5 p1
OpenSSH OpenSSH 3.5
OpenSSH OpenSSH 3.4 p1-1
OpenSSH OpenSSH 3.4 p1
OpenSSH OpenSSH 3.4
OpenSSH OpenSSH 3.3 p1
OpenSSH OpenSSH 3.3
OpenSSH OpenSSH 3.2.3 p1
OpenSSH OpenSSH 3.2.2 p1
OpenSSH OpenSSH 3.2
OpenSSH OpenSSH 3.1 p1
OpenSSH OpenSSH 3.1
OpenSSH OpenSSH 3.0.2 p1
OpenSSH OpenSSH 3.0.2
OpenSSH OpenSSH 3.0.1 p1
OpenSSH OpenSSH 3.0.1
OpenSSH OpenSSH 3.0 p1
OpenSSH OpenSSH 3.0
OpenSSH OpenSSH 2.9.9
+ NetBSD NetBSD 1.5.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2
OpenBSD OpenBSD 3.3
OpenBSD OpenBSD 3.2
NetBSD NetBSD 1.6.1
NetBSD NetBSD 1.6
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5
NetApp SecureAdmin for NetCache 5.5
NetApp SecureAdmin 3.0
Foundry Networks ServerIronXL/G
Foundry Networks ServerIronXL
Foundry Networks ServerIron800
Foundry Networks ServerIron400
Foundry Networks ServerIron 7.1 .09
Foundry Networks ServerIron 6.0
Foundry Networks ServerIron 5.1.10 t12
Foundry Networks Ironview
Foundry Networks FastIron 7.1 .09
Foundry Networks EdgeIron 4802F 0
Foundry Networks BigIron 7.1 .09
F-Secure SSH 1.3.14
Cray Cray Open Software 3.0
Cisco WebNS 7.2 0.0.03
Cisco WebNS 7.1 0.2.06
+ Cisco CSS11000 Content Services Switch
+ Cisco CSS11050 Content Services Switch
+ Cisco CSS11150 Content Services Switch
+ Cisco CSS11501 Content Services Switch
+ Cisco CSS11503 Content Services Switch
+ Cisco CSS11506 Content Services Switch
+ Cisco CSS11800 Content Services Switch
Cisco WebNS 7.1 0.1.02
Cisco WebNS 6.10 B4
Cisco WebNS 6.10
Cisco SN 5428 Storage Router SN5428-3.3.2-K9
Cisco SN 5428 Storage Router SN5428-3.3.1-K9
Cisco SN 5428 Storage Router SN5428-3.2.2-K9
Cisco SN 5428 Storage Router SN5428-3.2.1-K9
Cisco SN 5428 Storage Router SN5428-2.5.1-K9
Cisco SN 5428 Storage Router SN5428-2-3.3.2-K9
Cisco SN 5428 Storage Router SN5428-2-3.3.1-K9
Cisco Secure Intrusion Detection System (NetRanger) 0
Cisco PGW2200 Softswitch
Cisco GSS 4480 Global Site Selector
Cisco CSS11800 Content Services Switch
Cisco CSS11506 Content Services Switch
Cisco CSS11503 Content Services Switch
Cisco CSS11501 Content Services Switch
Cisco CSS11150 Content Services Switch
Cisco CSS11050 Content Services Switch
Cisco CSS11000 Content Services Switch
Cisco CiscoWorks 1105 Wireless LAN Solution Engine
Cisco CiscoWorks 1105 Hosting Solution Engine
Cisco CatOS 7.6 (1)
Cisco CatOS 7.6
Cisco CatOS 7.5 (1)
Cisco CatOS 7.5
Cisco CatOS 7.4 (3)
Cisco CatOS 7.4 (2)
Cisco CatOS 7.4 (1)
Cisco CatOS 7.4 (0.63)
Cisco CatOS 7.4 (0.2)CLR
Cisco CatOS 7.4
Cisco CatOS 7.3 (2)
Cisco CatOS 7.3 (1)
Cisco CatOS 7.3
Cisco CatOS 7.2 (2)
Cisco CatOS 7.2 (1)
Cisco CatOS 7.2 (0.65)
Cisco CatOS 7.1 (2a)
Cisco CatOS 7.1 (2)
Cisco CatOS 7.1 (1a)
Cisco CatOS 7.1 (1)
Cisco CatOS 6.4 (3)
Cisco CatOS 6.4 (2)
Cisco CatOS 6.4 (1)
Cisco CatOS 6.3 (9)
Cisco CatOS 6.3 (8.3)
Cisco CatOS 6.3 (8)
Cisco CatOS 6.3 (7)
Cisco CatOS 6.3 (6)
Cisco CatOS 6.3 (5.10)
Cisco CatOS 6.3 (5)
Cisco CatOS 6.3 (4a)
Cisco CatOS 6.3 (4)
Cisco CatOS 6.3 (3a)
Cisco CatOS 6.3 (3)x1
Cisco CatOS 6.3 (3)x
Cisco CatOS 6.3 (3)
Cisco CatOS 6.3 (2a)
Cisco CatOS 6.3 (2)
Cisco CatOS 6.3 (1a)
Cisco CatOS 6.3 (10)
Cisco CatOS 6.3 (1)
Cisco CatOS 6.2 (3a)
Cisco CatOS 6.2 (3)
Cisco CatOS 6.2 (2a)
Cisco CatOS 6.2 (2)
Cisco CatOS 6.2 (1a)
Cisco CatOS 6.2 (1)
Cisco CatOS 6.1 (4b)
Cisco CatOS 6.1 (4)
Cisco CatOS 6.1 (3a)
Cisco CatOS 6.1 (3)
Cisco CatOS 6.1 (2a)
Cisco CatOS 6.1 (2)
Cisco CatOS 6.1 (1e)
Cisco CatOS 6.1 (1d)
Cisco CatOS 6.1 (1c)
Cisco CatOS 6.1 (1b)
Cisco CatOS 6.1 (1a)
Cisco CatOS 6.1 (1)
Cisco CatOS 6.1
Cisco CatOS 5.5 (9)
Cisco CatOS 5.5 (8a)CV
Cisco CatOS 5.5 (8a)
Cisco CatOS 5.5 (8)
Cisco CatOS 5.5 (7a)
Cisco CatOS 5.5 (7)
Cisco CatOS 5.5 (6a)
Cisco CatOS 5.5 (6)
Cisco CatOS 5.5 (5)
Cisco CatOS 5.5 (4b)
Cisco CatOS 5.5 (4a)
Cisco CatOS 5.5 (4)
Cisco CatOS 5.5 (3)
Cisco CatOS 5.5 (2)
Cisco CatOS 5.5 (1a)
Cisco CatOS 5.5 (19)
Cisco CatOS 5.5 (18)
Cisco CatOS 5.5 (17)
Cisco CatOS 5.5 (16.2)
Cisco CatOS 5.5 (16)
Cisco CatOS 5.5 (15)
Cisco CatOS 5.5 (14)
Cisco CatOS 5.5 (13a)
Cisco CatOS 5.5 (13.5)
Cisco CatOS 5.5 (13)
Cisco CatOS 5.5 (12a)
Cisco CatOS 5.5 (12)
Cisco CatOS 5.5 (11a)
Cisco CatOS 5.5 (11)
Cisco CatOS 5.5 (10a)
Cisco CatOS 5.5 (10)
Cisco CatOS 5.5 (1)
Cisco CatOS 5.5
Cisco CatOS 5.4 (4a)
Cisco CatOS 5.4 (4)
Cisco CatOS 5.4 (3)
Cisco CatOS 5.4 (2a)
Cisco CatOS 5.4 (2)
Cisco CatOS 5.4 (1)
Cisco CatOS 5.4
Cisco CatOS 5.3 (6a)CSX
Cisco CatOS 5.3 (6)CSX
Cisco CatOS 5.3 (5a)CSX
Cisco CatOS 5.3 (5)CSX
Cisco CatOS 5.3 (4)CSX
Cisco CatOS 5.3 (3)CSX
Cisco CatOS 5.3 (2)CSX
Cisco CatOS 5.3 (1a)CSX
Cisco CatOS 5.2 (7a)
Cisco CatOS 5.2 (7)
Cisco CatOS 5.2 (6)
Cisco CatOS 5.2 (5)
Cisco CatOS 5.2 (4)
Cisco CatOS 5.2 (3a)CSX
Cisco CatOS 5.2 (3)CSX
Cisco CatOS 5.2 (3)
Cisco CatOS 5.2 (2)CSX
Cisco CatOS 5.2 (2)
Cisco CatOS 5.2 (1)CSX
Cisco CatOS 5.2 (1)
Cisco CatOS 5.1 (2b)
Cisco CatOS 5.1 (2a)
Cisco CatOS 5.1 (1a)CSX
Cisco CatOS 5.1 (1a)
Cisco CatOS 5.1 (1)CSX
Cisco CatOS 5.1 (1)
Cisco CatOS 4.5 (9)
Cisco CatOS 4.5 (8)
Cisco CatOS 4.5 (7)
Cisco CatOS 4.5 (6a)
Cisco CatOS 4.5 (6)
Cisco CatOS 4.5 (5)
Cisco CatOS 4.5 (4)
Cisco CatOS 4.5 (3)
Cisco CatOS 4.5 (2)
Cisco CatOS 4.5 (13a)
Cisco CatOS 4.5 (13)
Cisco CatOS 4.5 (12a)
Cisco CatOS 4.5 (12)
Cisco CatOS 4.5 (11)
Cisco CatOS 4.5 (10)
Cisco CatOS 4.5 (1)
Cisco CatOS 4.4 (1)
Cisco CatOS 4.3 (1a)
Cisco CatOS 4.2 (2)
Cisco CatOS 4.2 (1)
Cisco CatOS 4.1 (3)
Cisco CatOS 4.1 (2)
Cisco CatOS 4.1 (1)
Cisco Catalyst 7600 3.1 (1a)WS-X6380-NAM
Cisco Catalyst 7600 3.1 (1a)WS-SVC-NAM-2
Cisco Catalyst 7600 3.1 (1a)WS-SVC-NAM-1
Cisco Catalyst 7600 2.2 (1a)WS-SVC-NAM-2
Cisco Catalyst 7600 2.2 (1a)WS-SVC-NAM-1
Cisco Catalyst 7600 2.1 (2)WS-X6380-NAM
Cisco Catalyst 6500 3.1 (1a)WS-X6380-NAM
Cisco Catalyst 6500 3.1 (1a)WS-SVC-NAM-2
Cisco Catalyst 6500 3.1 (1a)WS-SVC-NAM-1
Cisco Catalyst 6500 2.2 (1a)WS-SVC-NAM-2
Cisco Catalyst 6500 2.2 (1a)WS-SVC-NAM-1
Cisco Catalyst 6500 2.1 (2)WS-X6380-NAM
Cisco Catalyst 6000 7.6 (1)
Cisco Catalyst 6000 7.5 (1)
Cisco Catalyst 6000 7.1 (2)
Cisco Catalyst 6000 7.1
Cisco Catalyst 6000 6.3 (4)
Cisco Catalyst 6000 6.3 (0.7)PAN
Cisco Catalyst 6000 6.2 (0.111)
Cisco Catalyst 6000 6.2 (0.110)
Cisco Catalyst 6000 6.1 (2.13)
Cisco Catalyst 6000 6.1 (1c)
Cisco Catalyst 6000 6.1 (1b)
Cisco Catalyst 6000 6.1 (1a)
Cisco Catalyst 6000 6.1 (1)
Cisco Catalyst 6000 5.5 (4b)
Cisco Catalyst 6000 5.5 (4a)
Cisco Catalyst 6000 5.5 (4)
Cisco Catalyst 6000 5.5 (3)
Cisco Catalyst 6000 5.5 (2)
Cisco Catalyst 6000 5.5 (13)
Cisco Catalyst 6000 5.5 (1)
Cisco Catalyst 6000 5.5
Cisco Catalyst 6000 5.4.1
Cisco Catalyst 6000 5.4 (4)
Cisco Catalyst 6000 5.4 (3)
Cisco Catalyst 6000 5.4 (2)
Cisco Catalyst 6000 5.4 (1)
Cisco Catalyst 6000 5.4
Cisco Catalyst 6000 5.3 (6)CSX
Cisco Catalyst 6000 5.3 (5a)CSX
Cisco Catalyst 6000 5.3 (5)CSX
Cisco Catalyst 6000 5.3 (4)CSX
Cisco Catalyst 6000 5.3 (3)CSX
Cisco Catalyst 6000 5.3 (2)CSX
Cisco Catalyst 6000 5.3 (1a)CSX
Cisco Catalyst 6000 5.3 (1)CSX
Cisco Catalyst 6000 3.1 (1a)WS-X6380-NAM
Cisco Catalyst 6000 3.1 (1a)WS-SVC-NAM-2
Cisco Catalyst 6000 3.1 (1a)WS-SVC-NAM-1
Cisco Catalyst 6000 2.2 (1a)WS-SVC-NAM-2
Cisco Catalyst 6000 2.2 (1a)WS-SVC-NAM-1
Cisco Catalyst 6000 2.1 (2)WS-X6380-NAM
Cisco Catalyst 5000 6.3 (4)
Cisco Catalyst 5000 6.1 (3)
Cisco Catalyst 5000 6.1 (2)
Cisco Catalyst 5000 6.1 (1c)
Cisco Catalyst 5000 6.1 (1b)
Cisco Catalyst 5000 6.1 (1a)
Cisco Catalyst 5000 6.1 (1)
Cisco Catalyst 5000 5.5 (7)
Cisco Catalyst 5000 5.5 (6)
Cisco Catalyst 5000 5.5 (4b)
Cisco Catalyst 5000 5.5 (4)
Cisco Catalyst 5000 5.5 (3)
Cisco Catalyst 5000 5.5 (2)
Cisco Catalyst 5000 5.5 (13)
Cisco Catalyst 5000 5.5 (1)
Cisco Catalyst 5000 5.4.1
Cisco Catalyst 5000 5.4 (4)
Cisco Catalyst 5000 5.4 (3)
Cisco Catalyst 5000 5.4 (2)
Cisco Catalyst 5000 5.4 (1)
Cisco Catalyst 5000 5.2 (4)
Cisco Catalyst 5000 5.2 (3)
Cisco Catalyst 5000 5.2 (2)
Cisco Catalyst 5000 5.2 (1)
Cisco Catalyst 5000 5.2
Cisco Catalyst 5000 5.1 (2a)
Cisco Catalyst 5000 5.1 (1)
Cisco Catalyst 5000 5.1
Cisco Catalyst 5000 4.5 (9)
Cisco Catalyst 5000 4.5 (8)
Cisco Catalyst 5000 4.5 (7)
Cisco Catalyst 5000 4.5 (6)
Cisco Catalyst 5000 4.5 (5)
Cisco Catalyst 5000 4.5 (4b)
Cisco Catalyst 5000 4.5 (4)
Cisco Catalyst 5000 4.5 (3)
Cisco Catalyst 5000 4.5 (2)
Cisco Catalyst 5000 4.5 (13a)
Cisco Catalyst 5000 4.5 (12)
Cisco Catalyst 5000 4.5 (11)
Cisco Catalyst 5000 4.5 (10)
Cisco Catalyst 5000
Cisco Catalyst 4912G
Cisco Catalyst 4000 7.6 (1)
Cisco Catalyst 4000 7.5 (1)
Cisco Catalyst 4000 7.1.2
Cisco Catalyst 4000 7.1 (2)
Cisco Catalyst 4000 7.1
Cisco Catalyst 4000 6.3.5
Cisco Catalyst 4000 6.3 (4)
Cisco Catalyst 4000 6.1 (1c)
Cisco Catalyst 4000 6.1 (1b)
Cisco Catalyst 4000 6.1 (1a)
Cisco Catalyst 4000 6.1 (1)
Cisco Catalyst 4000 5.5.5
Cisco Catalyst 4000 5.5 (4b)
Cisco Catalyst 4000 5.5 (4)
Cisco Catalyst 4000 5.5 (3)
Cisco Catalyst 4000 5.5 (2)
Cisco Catalyst 4000 5.5 (13)
Cisco Catalyst 4000 5.5 (1)
Cisco Catalyst 4000 5.5
Cisco Catalyst 4000 5.4.1
Cisco Catalyst 4000 5.4 (3)
Cisco Catalyst 4000 5.4 (2)
Cisco Catalyst 4000 5.4 (1)
Cisco Catalyst 4000 5.4
Cisco Catalyst 4000 5.2 (7)
Cisco Catalyst 4000 5.2 (6)
Cisco Catalyst 4000 5.2 (5)
Cisco Catalyst 4000 5.2 (4)
Cisco Catalyst 4000 5.2 (2)
Cisco Catalyst 4000 5.2 (1a)
Cisco Catalyst 4000 5.2 (1)
Cisco Catalyst 4000 5.2
Cisco Catalyst 4000 5.1 (2a)
Cisco Catalyst 4000 5.1 (1a)
Cisco Catalyst 4000 5.1 (1)
Cisco Catalyst 4000 5.1
Cisco Catalyst 4000 4.5 (9)
Cisco Catalyst 4000 4.5 (8)
Cisco Catalyst 4000 4.5 (7)
Cisco Catalyst 4000 4.5 (6)
Cisco Catalyst 4000 4.5 (5)
Cisco Catalyst 4000 4.5 (4b)
Cisco Catalyst 4000 4.5 (4)
Cisco Catalyst 4000 4.5 (3)
Cisco Catalyst 4000 4.5 (2)
Cisco Catalyst 4000 4.5 (10)
Cisco Catalyst 4000
Cisco Catalyst 2948G
Cisco Catalyst 2900 5.5 (13)
Cisco Catalyst 2980G-A
Cisco Catalyst 2980G
Caldera OpenLinux Workstation 3.1.1
Caldera OpenLinux Server 3.1.1
Blue Coat Systems SGME 2.1.6
Blue Coat Systems SG2 Secure Proxy 0
Blue Coat Systems Security Gateway OS 3.1
Blue Coat Systems Security Gateway OS 2.1.5001 SP1
Blue Coat Systems Security Gateway OS 2.1.9
Blue Coat Systems ProxySG 0
Blue Coat Systems CacheOS CA/SA 4.1.10
Snapgear Snapgear OS 1.8.5
SGI IRIX 6.5.22
OpenSSH OpenSSH 3.7.1 p1
+ SCO Open Server 5.0.7
OpenSSH OpenSSH 3.7.1
OpenSSH OpenSSH 3.7 p1
OpenSSH OpenSSH 3.7
F-Secure SSH 1.3.15
Cisco CatOS 8.1 (3)

- Unaffected program versions

Snapgear Snapgear OS 1.8.5
SGI IRIX 6.5.22
OpenSSH OpenSSH 3.7.1 p1
+ SCO Open Server 5.0.7
OpenSSH OpenSSH 3.7.1
OpenSSH OpenSSH 3.7 p1
OpenSSH OpenSSH 3.7
F-Secure SSH 1.3.15
Cisco CatOS 8.1 (3)

- Vulnerability discussion

A buffer-mismanagement vulnerability has been reported in OpenSSH. This issue resides in the 'buffer.c' source file and may potentially be exploited to execute arbitrary code with the privileges of OpenSSH, but this has not been confirmed. The issue may cause a denial of service. This condition can reportedly be triggered by an overly large packet.

There are also unconfirmed rumors of an exploit for this vulnerability circulating in the wild.

OpenSSH has revised their advisory, pointing out a similar issue in the 'channels.c' source file and an additional issue in 'buffer.c'. Solar Designer has also reportedly pointed out additional instances of the problem that may also present vulnerabilities.

- Exploit

Although these issues are not believed to be exploitable to execute arbitrary code, there are rumors of exploits circulating in the wild.

- Solution

Fixes are available. Please see the references for details.


RedHat openssh-2.9p2-7.i386.rpm

RedHat openssh-clients-3.4p1-2.i386.rpm

RedHat openssh-clients-2.9p2-7.ia64.rpm

RedHat openssh-2.9p2-7.ia64.rpm

RedHat openssh-server-3.4p1-2.i386.rpm

RedHat openssh-3.1p1-3.i386.rpm

RedHat openssh-askpass-gnome-2.5.2p2-5.i386.rpm

RedHat openssh-clients-3.5p1-6.i386.rpm

RedHat openssh-3.5p1-6.i386.rpm

OpenSSH OpenSSH 2.9.9

OpenSSH OpenSSH 3.0 p1

OpenSSH OpenSSH 3.0.1 p1

OpenSSH OpenSSH 3.1

OpenSSH OpenSSH 3.2.3 p1

OpenSSH OpenSSH 3.6.1 p2

OpenSSH OpenSSH 3.7

SGI IRIX 6.5.20 f

SGI IRIX 6.5.20 m

SGI IRIX 6.5.21 m

- Related references

 

 
