Vulnerability Description
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openssh | 3.7.1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
- http://www.kb.cert.org/vuls/id/209807US Government Resource
- http://www.openssh.com/txt/sshpam.adv
- http://www.securityfocus.com/archive/1/338616
- http://www.securityfocus.com/archive/1/338617
- http://www.securityfocus.com/bid/8677
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
- http://www.kb.cert.org/vuls/id/209807US Government Resource
- http://www.openssh.com/txt/sshpam.adv
- http://www.securityfocus.com/archive/1/338616
- http://www.securityfocus.com/archive/1/338617
- http://www.securityfocus.com/bid/8677
FAQ
What is CVE-2003-0787?
CVE-2003-0787 is a vulnerability with a CVSS score of 7.5 (HIGH). The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
How severe is CVE-2003-0787?
CVE-2003-0787 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0787?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh.