Bug 104496 - CAN-2003-0693 OpenSSH buffer allocation bug
CAN-2003-0693 OpenSSH buffer allocation bug
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
All Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
: Security
: 104495 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2003-09-16 09:48 EDT by Mark J. Cox
Modified: 2014-01-21 17:48 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-09-16 14:01:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch for openssh 3.1 systems like rhl 7.X (678 bytes, patch)
2003-09-16 12:06 EDT, Seth Vidal
no flags Details | Diff

  None (edit)
Description Mark J. Cox 2003-09-16 09:48:24 EDT
A bug has been found in the buffer code in OpenSSH.  It is not yet clear if this
could be exploited by an attacker but several possible attack vectors are under
evaluation.  A patch from the OpenBSD team is available.

RHSA-2003:279 in progress.
Comment 1 Mark J. Cox 2003-09-16 09:50:46 EDT
*** Bug 104495 has been marked as a duplicate of this bug. ***
Comment 2 Seth Vidal 2003-09-16 10:17:59 EDT
Have y'all patched anything else that was not included in this patch:


Just trying to find out if pushing what I have is sufficient or if there is
something else announced privately that I'm missing.

Comment 3 Kaj J. Niemi 2003-09-16 11:16:53 EDT
According to a message posted to openbsd-misc by Markus Friedl
<markus@openbsd.org> that's enough:


Comment 4 Seth Vidal 2003-09-16 12:06:19 EDT
Created attachment 94524 [details]
patch for openssh 3.1 systems like rhl 7.X

patch for openssh 3.1 systems like rhl 7.x - the provided patch from friedl
just needed a little modfication.

I know something like this will be in red hat's errata but can't hurt to add it
here for others.
Comment 5 Mark J. Cox 2003-09-16 14:01:34 EDT
An errata has been issued which should help the problem described in the above
bug report. 
This report is therefore being closed with a resolution of ERRATA. For more
on the solution and/or where to find the updated files, please follow the link
You may reopen this bug report if the solution does not work for you.

Comment 6 Michael Lee Yohe 2003-09-16 16:45:43 EDT
Mark - your link is bad.

Error 404.
Comment 7 Mark J. Cox 2003-09-16 16:49:04 EDT
Missing l
Comment 8 Michael Young 2003-09-17 04:09:32 EDT
Are you aware that openssh have revised their advisory and released 3.7.1 - it
looks like they are fixing the problem in more cases.
Comment 9 Mark J. Cox 2003-09-17 04:12:32 EDT
See bug 104551 for these additional issues.

Note You need to log in before you can comment on or make changes to this bug.