发布时间 :2003-10-06 00:00:00
修订时间 :2016-10-17 22:36:40

[原文]Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.

[CNNVD]OpenSSH 缓冲区管理错误漏洞(CNNVD-200310-010)

        OpenSSH 3.7.1之前的版本存在多个“缓冲区管理错误”。攻击者使用(1)buffer.c的buffer_init,(2)buffer.c的buffer_free,或者(3)channels.c的separate函数导致服务拒绝或者执行任意代码,该漏洞不同于CVE-2003-0693。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:452Mutliple Buffer Management Errors in OpenSSH

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  TRUSTIX  2003-0033
(UNKNOWN)  BUGTRAQ  20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
(UNKNOWN)  BUGTRAQ  20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01)

- 漏洞信息

OpenSSH 缓冲区管理错误漏洞
高危 未知
2003-10-06 00:00:00 2006-03-28 00:00:00
        OpenSSH 3.7.1之前的版本存在多个“缓冲区管理错误”。攻击者使用(1)buffer.c的buffer_init,(2)buffer.c的buffer_free,或者(3)channels.c的separate函数导致服务拒绝或者执行任意代码,该漏洞不同于CVE-2003-0693。

- 公告与补丁


- 漏洞信息

OpenSSH Multiple Buffer Management Multiple Overflows
Local Access Required, Remote / Network Access Input Manipulation
Loss of Integrity

- 漏洞描述

OpenSSH contains several flaws that may allow remote attackers to execute arbitrary code. The issues occur in the buffer_init and buffer_free functions in buffer.c, as well as an separate function also called buffer_free in channels.c. These functions may provide an attacker with the opportunity to inject custom data that could result in memory manipulation and possibly code execution.

- 时间线

2003-09-16 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 3.7.1 or higher, as it has been reported to fix this vulnerability. Vendor specific patches have also been supplied for earlier versions. Other potential workarounds are to restrict SSH access to trusted hosts or disable the service completely.

- 相关参考

- 漏洞作者

Unknown or Incomplete