SSL Buffer Overflow Vulnerability

Doncho N. Gunchev mr700 at globalnet.bg
Fri May 28 11:16:26 UTC 2004


On Thursday 27 May 2004 18:02, Chalonec Roger wrote:
> I performed the check and am running openssh-3.6.1p2-19.  Part of their
> report showed:
> 
> -------------------------------------------------------------
> SSH Servers: TCP:22 - OpenSSH 3.7.0 Buffer Overflow
> Risk Level: High 
> Description: OpenSSH versions prior to 3.7.1 are vulnerable to buffer
> management errors.
> How To Fix: 
> Upgrade to 3.7.1 or the latest build immediately.
> URL1: OpenSSH Advisory  (http://www.openssh.com/txt/buffer.adv)
> CVE: CAN-2003-0695 
> ------------------------------------------------------------------

[root at fc1 root]# rpm -q --changelog openssh | grep -2 'CAN-2003-0695'
* Wed Sep 17 2003 Bill Nottingham <notting at redhat.com> 3.6.1p1-14

- additional buffer manipulation fixes (CAN-2003-0695)

* Wed Sep 17 2003 Daniel Walsh <dwalsh at redhat.com> 3.6.1p2-13.sel

> 
> Another part showed:
> ----------------------------------------------------
> 22: SSH - SSH (Secure Shell) Remote Login Protocol
> Detected Protocol: SSH
> Port State: Open
> Version: SSH-1.99-OPENSSH_3.6.1P2
> ----------------------------------------------------
> 
> 
> This was Retina so I guess it was a false positive.  Sorry for the
> alarm.

    No problem, you're welcome :)

> 
> Thanks for your help,
> 
> Roger
> 
> 
>  3.7.0 and another showed 
> 
> -----Original Message-----
> From: Doncho N. Gunchev [mailto:mr700 at globalnet.bg] 
> Sent: Thursday, May 27, 2004 6:50 AM
> To: For users of Fedora Core releases
> Cc: Chalonec Roger
> Subject: Re: SSL Buffer Overflow Vulnerability
> 
> 
> On Thursday 27 May 2004 13:04, Chalonec Roger wrote:
> > Our security folks detected an openSSH vulnerability in a fully 
> > patched FC1.  They said that it was running version 3.7.0 and needed 
> > to go to
> 
>     It should not -> in FC1 it's 'rpm -q openssh' =
> 'openssh-3.6.1p2-19'!
> 
> > 3.7.1 .  Should this be the case if FC1 is fully patched?  Can anyone 
> > point me to directions on how to upgrade to 3.7.1 or recommend a 
> > better openSSH version?
> 
>     Better do 'rpm -q openssh --changelog | less' and see if this
> vulnerability is patched (you have to ask them exactly what
> vulnerability do they have in mind). Many programs report
> vulnerabilities based on the program version (not actual check), so I
> guess this is the case here. You can see openssh-3.7p1.tar.gz is from
> 16-Sep-2003 and in the changelog there are buffer overflow fixes from 17
> and 18 Sep-2003.
> 
> > 
> > Thanks,
> > 
> > Roger
> 
>     Check the list, RedHat backports all fixes from the new versions.
> This way you don't have all new features (and unknown bugs), but still
> have all fixes from the new versions (as someone from RedHat already
> explained).
> 
> -- 
> Regards,
>   Doncho N. Gunchev    Registered Linux User #291323 at counter.li.org
>   GPG-Key-ID: 1024D/DA454F79
>   Key fingerprint = 684F 688B C508 C609 0371  5E0F A089 CB15 DA45 4F79
> 

-- 
Regards,
  Doncho N. Gunchev    Registered Linux User #291323 at counter.li.org
  GPG-Key-ID: 1024D/DA454F79
  Key fingerprint = 684F 688B C508 C609 0371  5E0F A089 CB15 DA45 4F79
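
Added example (not part of the original messages): a small shell helper for the check described in this thread, looking up a scanner-reported ID in the package changelog instead of trusting the version banner. The function names and the CVE-0000-0000 placeholder are assumptions of this example; the sample input is the changelog output quoted above.

```shell
#!/bin/sh
# Added example: triage a version-banner finding against the package changelog.
# cve_fixed_in ID  reads `rpm -q --changelog <pkg>` text on stdin and prints
# the version-release of the first entry in that output that mentions the ID.
# Exit status: 0 = fix recorded in the changelog, 1 = ID not mentioned.
cve_fixed_in() {
    # Older entries use the candidate prefix CAN-, newer ones CVE-; match on
    # the numeric part so either spelling of the same ID is found.
    num=${1#*-}
    awk -v num="$num" '
        /^\* / { ver = $NF }    # entry header: last field is version-release
        $0 ~ ("(CVE|CAN)-" num "([^0-9]|$)") { print ver; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Sample input: the changelog lines quoted in this thread, embedded so the
# script runs without rpm installed.
sample_changelog() {
    cat <<'EOF'
* Wed Sep 17 2003 Bill Nottingham <notting at redhat.com> 3.6.1p1-14

- additional buffer manipulation fixes (CAN-2003-0695)

* Wed Sep 17 2003 Daniel Walsh <dwalsh at redhat.com> 3.6.1p2-13.sel
EOF
}

# Scanner reported the ID; the changelog says which build carries the fix.
if build=$(sample_changelog | cve_fixed_in CVE-2003-0695); then
    echo "CVE-2003-0695: fix recorded in $build (backported; banner version is misleading)"
else
    echo "CVE-2003-0695: not in changelog, verify the finding by other means"
fi

# CVE-0000-0000 is a placeholder ID that appears nowhere in the sample.
sample_changelog | cve_fixed_in CVE-0000-0000 || echo "CVE-0000-0000: not recorded"

# On a real host: rpm -q --changelog openssh | cve_fixed_in CAN-2003-0695
```

Compare the printed build with the output of 'rpm -q openssh': an installed release at or above it carries the backported fix even though the banner still reports the older upstream version.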




