Bug 104496

Summary: CAN-2003-0693 OpenSSH buffer allocation bug
Product: [Retired] Red Hat Linux Reporter: Mark J. Cox <mjc>
Component: opensshAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: high    
Version: 9CC: dan, kajtzu, link, m.a.young, michael, nobody+pnasrat, sean
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-09-16 18:01:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch for openssh 3.1 systems like rhl 7.X none

Description Mark J. Cox 2003-09-16 13:48:24 UTC
A bug has been found in the buffer code in OpenSSH.  It is not yet clear if this
could be exploited by an attacker but several possible attack vectors are under
evaluation.  A patch from the OpenBSD team is available.

RHSA-2003:279 in progress.

Comment 1 Mark J. Cox 2003-09-16 13:50:46 UTC
*** Bug 104495 has been marked as a duplicate of this bug. ***

Comment 2 Seth Vidal 2003-09-16 14:17:59 UTC
Have y'all patched anything else that was not included in this patch:
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=u

?

Just trying to find out if pushing what I have is sufficient or if there is
something else announced privately that I'm missing.

thanks

Comment 3 Kaj J. Niemi 2003-09-16 15:16:53 UTC
According to a message posted to openbsd-misc by Markus Friedl
<markus> that's enough:

<http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940&w=2>



Comment 4 Seth Vidal 2003-09-16 16:06:19 UTC
Created attachment 94524 [details]
patch for openssh 3.1 systems like rhl 7.X

patch for openssh 3.1 systems like rhl 7.x - the provided patch from friedl
just needed a little modfication.

I know something like this will be in red hat's errata but can't hurt to add it
here for others.

Comment 5 Mark J. Cox 2003-09-16 18:01:34 UTC
An errata has been issued which should help the problem described in the above
bug report. 
This report is therefore being closed with a resolution of ERRATA. For more
information
on the solution and/or where to find the updated files, please follow the link
below. 
You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2003-279.htm

Comment 6 Michael Lee Yohe 2003-09-16 20:45:43 UTC
Mark - your link is bad.

Error 404.

Comment 7 Mark J. Cox 2003-09-16 20:49:04 UTC
Missing l
http://rhn.redhat.com/errata/RHSA-2003-279.html

Comment 8 Michael Young 2003-09-17 08:09:32 UTC
Are you aware that openssh have revised their advisory and released 3.7.1 - it
looks like they are fixing the problem in more cases.

Comment 9 Mark J. Cox 2003-09-17 08:12:32 UTC
See bug 104551 for these additional issues.