drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in openssh
Name: |
Pufferüberlauf in openssh |
|
ID: |
200309-12 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mi, 17. September 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Portable OpenSSH |
|
Originalnachricht |
- --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200309-12 - ---------------------------------------------------------------------
PACKAGE : openssh SUMMARY : buffer management error DATE : 2003-09-16 22:53 UTC EXPLOIT : remote VERSIONS AFFECTED : <=openssh-3.7_p1 FIXED VERSION : >=openssh-3.7.1_p1 CVE : CAN-2003-0693
- ---------------------------------------------------------------------
quote from advisory:
"All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable,however, we prefer to see bugs fixed proactively."
read the full advisory at: http://www.openssh.com/txt/buffer.adv
This is a follow up advisory to indicate the further fixes have been made. From the ChangeLog:
- (djm) OpenBSD Sync - markus@cvs.openbsd.org 2003/09/16 21:02:40 [buffer.c channels.c version.h] more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU
(reported on http://bugs.gentoo.org/show_bug.cgi?id=28927 by Christian Rubbert <ceed@xrc.de>)
SOLUTION
It is recommended that all Gentoo Linux users who are running net-misc/openssh upgrade to openssh-3.7.1_p1 as follows:
emerge sync emerge openssh emerge clean
--------------------------------------------------------------- seemant@gentoo.org - GnuPG key in signature below and on keyservers vapier@gentoo.org
-- Seemant Kulleen Developer and Project Co-ordinator, Gentoo Linux http://dev.gentoo.org/~seemant
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3458780E Key fingerprint = 23A9 7CB5 9BBB 4F8D 549B 6593 EDA2 65D8 3458 780E
|
|
|
|