Vulnerability Description
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenBSD | OpenSSH | <= 3.7 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html
- http://marc.info/?l=bugtraq&m=106373247528528&w=2
- http://marc.info/?l=bugtraq&m=106373546332230&w=2
- http://marc.info/?l=bugtraq&m=106374466212309&w=2
- http://marc.info/?l=bugtraq&m=106381396120332&w=2
- http://marc.info/?l=bugtraq&m=106381409220492&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1
- http://www.cert.org/advisories/CA-2003-24.html (US Government Resource)
- http://www.debian.org/security/2003/dsa-382
- http://www.debian.org/security/2003/dsa-383
- http://www.kb.cert.org/vuls/id/333628 (Patch, Third Party Advisory, US Government Resource)
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:090
- http://www.openssh.com/txt/buffer.adv
FAQ
What is CVE-2003-0693?
CVE-2003-0693 is a vulnerability with a CVSS score of 10.0 (HIGH). A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corr...
How severe is CVE-2003-0693?
CVE-2003-0693 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0693?
Check the references section above for vendor advisories and patch information. Affected products include: OpenBSD OpenSSH.