lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 7 Nov 2003 10:52:12 -0800
Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems


Hash: SHA1


			SCO Security Advisory

Subject:		OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
Advisory number: 	CSSA-2003-SCO.24.1
Issue date: 		2003 November 04
Cross reference: 	sr884749 fz528324 erg712436 CERT VU#33362 CERT VU#602204 CAN-2003-0693  CAN-2003-0786 CAN-2003-0695 CAN-2003-0682

1. Problem Description

	 Version CSSA-2003-SCO.24.0 had a bug which caused it to 
	 work only for a root login.

	 Several buffer management errors and memory bugs are
	 corrected by this patch. 
	 The Common Vulnerabilities and Exposures project 
	 ( has assigned the following
	 names to these issues. CAN-2003-0693, CAN-2003-0695,
	 CAN-2003-0682, CAN-2003-0786. 
	 The CERT Coordination Center has assigned the following 
	 names VU#333628, and VU#602204.

	 CERT VU#333628 / CAN-2003-0693: A "buffer management error"
	 in buffer_append_space of buffer.c for OpenSSH before 3.7
	 may allow remote attackers to execute arbitrary code by
	 causing an incorrect amount of memory to be freed and
	 corrupting the heap, a different vulnerability than
	 CAN-2003-0695: Multiple "buffer management errors" in 
	 OpenSSH before 3.7.1 may allow attackers to cause a denial 
	 of service or execute arbitrary code using (1) buffer_init 
	 in buffer.c, (2) buffer_free in buffer.c, or (3) a separate 
	 function in channels.c, a different vulnerability than 
	 CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier, 
	 with unknown impact, a different set of vulnerabilities 
	 than CAN-2003-0693 and CAN-2003-0695. 
	 CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions 
	 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the 
	 new PAM code. At least one of these bugs is remotely 
	 exploitable (under a non-standard configuration, with 
	 privsep disabled). OpenServer is not configured to use PAM, 
	 so is not vulnerable.

2. Vulnerable Supported Versions

	System				Binaries
	OpenServer 5.0.7 		OpenSSH Distribution

3. Solution

	The proper solution is to install the latest packages.

4. OpenServer 5.0.7

	4.1 Install Maintanance Pack 1

	4.2 Install gwxlibs-1.3.2Ag

	4.3 Location of Fixed Binaries

	4.4 Verification

	MD5 (VOL.000.000) = c7b0c3fe58180819e0427d797594ede1
	MD5 (VOL.000.001) = 301a17b2d2226c6dfe9e0606e1fa6e5b
	MD5 (VOL.000.002) = 92bfaf84635b44b8df9702ef58843d34
	MD5 (VOL.000.003) = c3bec5a2af450787a26877079208b3eb

	md5 is available for download from

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.

5. References

	Specific references for this advisory:

	SCO security resources:

	This security fix closes SCO incidents sr884749 fz528324

6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO


Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)


Powered by blists - more mailing lists