| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Oct 2003 10:01:45 -0700 From: security@....com To: announce@...ts.sco.com, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems To: announce@...ts.sco.com bugtraq@...urityfocus.com full-disclosure@...ts.netsys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems Advisory number: CSSA-2003-SCO.24 Issue date: 2003 October 1 Cross reference: sr884749 fz528324 erg712436 CERT VU#33362 CERT VU#602204 CAN-2003-0693 CAN-2003-0786 CAN-2003-0695 CAN-2003-0682 ______________________________________________________________________________ 1. Problem Description Several buffer management errors and memory bugs are corrected by this patch. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to these issues. CAN-2003-0693, CAN-2003-0695, CAN-2003-0682, CAN-2003-0786. The CERT Coordination Center has assigned the following names VU#333628, and VU#602204. CERT VU#333628 / CAN-2003-0693: A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695 CAN-2003-0695: Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CAN-2003-0693. CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CAN-2003-0693 and CAN-2003-0695. CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). OpenServer is not configured to use PAM, so is not vulnerable. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.7 OpenSSH Distribution 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.7 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.24 4.2 Verification MD5 (VOL.000.000) = f36194ca559c850794874f9c7a0b2a18 MD5 (VOL.000.001) = 02b76bd551a0a95f2544b8999c6fbcbf MD5 (VOL.000.002) = 6818513c946dbcd43a3f34fc19ef79fc MD5 (VOL.000.003) = 8149c475968c3d7318eda33f30ce8045 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to the /tmp directory 2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 5. References Specific references for this advisory: http://www.openssh.com/txt/buffer.adv http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/security/openssh/files/patch-buffer.c http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940 http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=106375582924840 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr884749 fz528324 erg712436. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (SCO/UNIX_SVR5) iD8DBQE/eyW6aqoBO7ipriERAugiAJwP8ehQ81QNC7EuX8NEkINrtvII0gCfTbZl HrkB1nNF8uxgUSgnWHR61O4= =p5ga -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists