
Re: [linux-security] ALERT: Again: possibility of remote root exploit in openssh (SuSE)



On Wed, Sep 17, 2003 at 07:25:25PM -0700, Martin Siegert wrote:
> Topic
> =====
> more DoS attacks or possibly even remote root exploit in openssh
> 
> Problem Description
> ===================
> Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow
> attackers to cause a denial of service or execute arbitrary code using
> (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or
> (3) a separate function in channels.c
> 
> These problems are in addition to the similar problems that were reported
> on recently (see http://www.sfu.ca/~siegert/linux-security/msg00199.html).
> 
> Upgrading immediately to a fixed version is strongly advised.
> 
> Affected Versions
> =================
> versions of openssh prior to 3.7.1p1.
> 
> Solution
> ========
> Upgrade to openssh-3.7.1p1 or a patched version for your distribution.

SuSE-7.2, 7.3
-------------
rpm -Fvh openssh-2.9.9p2-156.i386.rpm

SuSE-8.0, 8.1
-------------
rpm -Fvh openssh-3.4p1-215.i386.rpm

SuSE-8.2
--------
rpm -Fvh openssh-3.5p1-107.i586.rpm
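
The fixed SuSE packages listed above keep their old upstream version strings (2.9.9p2, 3.4p1, 3.5p1), so a check against "3.7.1" would report patched hosts as affected; what identifies a fixed build is the package release number. The following is an added example, not part of the original message: it compares an installed openssh version-release against the builds listed above. The names FIXED_BUILDS and check_openssh and the sample installed builds are constructed for illustration.

```shell
#!/bin/sh
# Fixed builds from the message above: "<SuSE release> <version> <package release>"
FIXED_BUILDS='7.2 2.9.9p2 156
7.3 2.9.9p2 156
8.0 3.4p1 215
8.1 3.4p1 215
8.2 3.5p1 107'

# check_openssh SUSE_RELEASE VERSION-RELEASE
# VERSION-RELEASE is what this prints on the host:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh
# Prints one of: fixed | needs-update | unknown
check_openssh() {
    suse=$1
    inst_ver=${2%-*}     # upstream version, e.g. 3.4p1
    inst_rel=${2##*-}    # package release, e.g. 215
    result=unknown
    while read -r rel ver build; do
        [ "$rel" = "$suse" ] || continue
        # A different upstream version is not covered by the list: review by hand.
        [ "$ver" = "$inst_ver" ] || break
        # Only plain numeric release numbers can be compared here.
        case $inst_rel in ''|*[!0-9]*) break ;; esac
        if [ "$inst_rel" -ge "$build" ]; then
            result=fixed
        else
            result=needs-update
        fi
        break
    done <<EOF
$FIXED_BUILDS
EOF
    echo "$result"
}

# Constructed sample inputs (not taken from real hosts).
echo "SuSE 8.1 openssh-3.4p1-98:  $(check_openssh 8.1 3.4p1-98)"
echo "SuSE 8.1 openssh-3.4p1-215: $(check_openssh 8.1 3.4p1-215)"
echo "SuSE 8.2 openssh-3.7.1p1-1: $(check_openssh 8.2 3.7.1p1-1)"
```

A result of "unknown" means the SuSE release or upstream version is not in the list above and the host needs a manual check.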