National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2003-0693 Detail

Description

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

Source:  MITRE      Last Modified:  09/22/2003

Quick Info

CVE Dictionary Entry:
CVE-2003-0693
Original release date:
09/22/2003
Last revised:
07/10/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
10.0 HIGH
Vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore:
10.0
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (06/01/2007)

Not vulnerable. This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280. This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA. This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html External Source FULLDISC 20030915 new ssh exploit?
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html External Source FULLDISC 20030915 openssh remote exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html External Source FULLDISC 20030916 The lowdown on SSH vulnerability
http://marc.info/?l=bugtraq&m=106373247528528&w=2 External Source BUGTRAQ 20030916 OpenSSH Buffer Management Bug Advisory
http://marc.info/?l=bugtraq&m=106373546332230&w=2 External Source REDHAT RHSA-2003:279
http://marc.info/?l=bugtraq&m=106374466212309&w=2 External Source BUGTRAQ 20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)
http://marc.info/?l=bugtraq&m=106381396120332&w=2 External Source TRUSTIX 2003-0033
http://marc.info/?l=bugtraq&m=106381409220492&w=2 External Source BUGTRAQ 20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2719 Tool Signature; US Government Resource External Source OVAL oval:org.mitre.oval:def:2719
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:447 Tool Signature; US Government Resource External Source OVAL oval:org.mitre.oval:def:447
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1 External Source SUNALERT 1000620
http://www.cert.org/advisories/CA-2003-24.html US Government Resource External Source CERT CA-2003-24
http://www.debian.org/security/2003/dsa-382 External Source DEBIAN DSA-382
http://www.debian.org/security/2003/dsa-383 External Source DEBIAN DSA-383
http://www.kb.cert.org/vuls/id/333628 Patch; Third Party Advisory; US Government Resource External Source CERT-VN VU#333628
http://www.mandriva.com/security/advisories?name=MDKSA-2003:090 External Source MANDRAKE MDKSA-2003:090
http://www.openssh.com/txt/buffer.adv External Source CONFIRM http://www.openssh.com/txt/buffer.adv
http://www.redhat.com/support/errata/RHSA-2003-280.html External Source REDHAT RHSA-2003:280
https://exchange.xforce.ibmcloud.com/vulnerabilities/13191 External Source XF openssh-packet-bo(13191)

References to Check Content

Identifier:
oval:org.mitre.oval:def:2719
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:2719
Identifier:
oval:org.mitre.oval:def:447
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:447

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*    versions up to (including) 3.7

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 4 change records found - show changes