Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-383-2 ssh-krb5 -- possible remote vulnerability

Related Vulnerabilities: CVE-2003-0693   CVE-2003-0695   CVE-2003-0682  

Several bugs have been found in OpenSSH's buffer handling. It is not known if these bugs are exploitable, but as a precaution an upgrade is advised. DSA-383-2: This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable. For the Debian stable distribution these bugs have been fixed in version 1:3.4p1-0woody4. We recommend that you update your ssh-krb5 package.

Source

Debian Security Advisory

DSA-383-2 ssh-krb5 -- possible remote vulnerability

Date Reported:
17 Sep 2003
Affected Packages:
ssh-krb5
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 8628.
In Mitre's CVE dictionary: CVE-2003-0693, CVE-2003-0695, CVE-2003-0682.
CERT's vulnerabilities, advisories and incident notes: VU#333628, CA-2003-24.
More information:

Several bugs have been found in OpenSSH's buffer handling. It is not known if these bugs are exploitable, but as a precaution an upgrade is advised.

DSA-383-2: This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable.

For the Debian stable distribution these bugs have been fixed in version 1:3.4p1-0woody4.

We recommend that you update your ssh-krb5 package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1.orig.tar.gz
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.diff.gz
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.dsc
Alpha:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

MD5 checksums of the listed files are available in the revised advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started