This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 104573 - Buffer managment errors in OpenSSH < 3.7.1
Buffer managment errors in OpenSSH < 3.7.1
Status: CLOSED DUPLICATE of bug 104551
Product: Red Hat Raw Hide
Classification: Retired
Component: openssh (Show other bugs)
1.0
All Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
http://marc.theaimsgroup.com/?l=openb...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-09-17 09:34 EDT by Alan Sanderson
Modified: 2007-03-27 00:09 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 13:58:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Alan Sanderson 2003-09-17 09:34:26 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-AU; rv:1.5a) Gecko/20030801
Mozilla Firebird/0.6.1

Description of problem:
Buffer managment errors have been discorever in OpenSSH 3.7.0 and below, this
has been said to be remotely exploitable.
OpenSSH should therefore be upgraded to 3.7.1 in rawhide and no doubt in RedHat
Linux 9.0, 8.0, 7.3, 7.2, 7.1.

Version-Release number of selected component (if applicable):
openssh-3.6.1p2-4

How reproducible:
Always

Steps to Reproduce:
1.See description
2.
3.
    

Actual Results:  See description

Expected Results:  See description

Additional info:

http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
http://slashdot.org/article.pl?sid=03/09/16/1327248&mode=nested&tid=126&tid=172
Comment 1 Hrunting Johnson 2003-09-17 10:37:16 EDT
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c.diff?r1=1.194&r2=1.195&f=h

These are the changes that need to be made.  This is a very similar fix to
yesterday's buffer.c patch which does need to be applied to yesterday's errata.
Comment 2 Mark J. Cox (Product Security) 2003-09-17 11:45:56 EDT

*** This bug has been marked as a duplicate of 104551 ***
Comment 3 Red Hat Bugzilla 2006-02-21 13:58:36 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.