Debian Security Advisory
DSA-382-3 ssh -- possible remote vulnerability
- Date Reported:
- 16 Sep 2003
- Affected Packages:
- ssh
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2003-0693, CVE-2003-0695, CVE-2003-0682.
CERT's vulnerabilities, advisories and incident notes: VU#333628, CA-2003-24. - More information:
-
A bug has been found in OpenSSH's buffer handling where a buffer could be marked as grown when the actual reallocation failed.
DSA-382-2: This advisory is an addition to the earlier DSA-382-1 advisory: two more buffer handling problems have been found in addition to the one described in DSA-382-1. It is not known if these bugs are exploitable, but as a precaution an upgrade is advised.
DSA-382-3: This advisory is an addition to the earlier DSA-382-1 and DSA-382-2 advisories: Solar Designer found four more bugs in OpenSSH that may be exploitable.
For the Debian stable distribution (woody) these bugs have been fixed in version 1:3.4p1-1.woody.3.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
- http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.dsc
- http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.diff.gz
- http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.dsc
- Alpha:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_alpha.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_alpha.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_arm.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_arm.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_hppa.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_hppa.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_i386.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_i386.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_ia64.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_ia64.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_ia64.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_m68k.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_m68k.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_m68k.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_mips.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mips.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_mipsel.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mipsel.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_s390.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_s390.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
MD5 checksums of the listed files are available in the revised advisory.
MD5 checksums of the listed files are available in the revised advisory.