SSL Buffer Overflow Vulnerability
Doncho N. Gunchev
mr700 at globalnet.bg
Fri May 28 11:16:26 UTC 2004
On Thursday 27 May 2004 18:02, Chalonec Roger wrote:
> I performed the check and am running openssh-3.6.1p2-19. Part of their
> report showed:
>
> -------------------------------------------------------------
> SSH Servers: TCP:22 - OpenSSH 3.7.0 Buffer Overflow
> Risk Level: High
> Description: OpenSSH versions prior to 3.7.1 are vulnerable to buffer
> management errors.
> How To Fix:
> Upgrade to 3.7.1 or the latest build immediately.
> URL1: OpenSSH Advisory (http://www.openssh.com/txt/buffer.adv)
> CVE: CAN-2003-0695
> ------------------------------------------------------------------
[root at fc1 root]# rpm -q --changelog openssh | grep -2 'CAN-2003-0695'
* Wed Sep 17 2003 Bill Nottingham <notting at redhat.com> 3.6.1p1-14
- additional buffer manipulation fixes (CAN-2003-0695)
* Wed Sep 17 2003 Daniel Walsh <dwalsh at redhat.com> 3.6.1p2-13.sel
>
> Another part showed:
> ----------------------------------------------------
> 22: SSH - SSH (Secure Shell) Remote Login Protocol
> Detected Protocol: SSH
> Port State: Open
> Version: SSH-1.99-OPENSSH_3.6.1P2
> ----------------------------------------------------
>
>
> This was Retina so I guess it was a false positive. Sorry for the
> alarm.
No problem, you're welcome :)
>
> Thanks for your help,
>
> Roger
>
>
> 3.7.0 and another showed
>
> -----Original Message-----
> From: Doncho N. Gunchev [mailto:mr700 at globalnet.bg]
> Sent: Thursday, May 27, 2004 6:50 AM
> To: For users of Fedora Core releases
> Cc: Chalonec Roger
> Subject: Re: SSL Buffer Overflow Vulnerability
>
>
> On Thursday 27 May 2004 13:04, Chalonec Roger wrote:
> > Our security folks detected an openSSH vulnerability in a fully
> > patched FC1. They said that it was running version 3.7.0 and needed
> > to go to
>
> It should not -> in FC1 it's 'rpm -q openssh' =
> 'openssh-3.6.1p2-19'!
>
> > 3.7.1 . Should this be the case if FC1 is fully patched? Can anyone
> > point me to directions on how to upgrade to 3.7.1 or recommend a
> > better openSSH version?
>
> Better do 'rpm -q openssh --changelog | less' and see if this
> vulnerability is patched (you have to ask them exactly what
> vulnerability they have in mind). Many programs report
> vulnerabilities based on the program version (not actual check), so I
> guess this is the case here. You can see openssh-3.7p1.tar.gz is from
> 16-Sep-2003 and in the changelog there are buffer overflow fixes from 17
> and 18 Sep-2003.
>
> >
> > Thanks,
> >
> > Roger
>
> Check the list, RedHat backports all fixes from the new versions.
> This way you don't have all new features (and unknown bugs), but still
> have all fixes from the new versions (as someone from RedHat already
> explained).
>
> --
> Regards,
> Doncho N. Gunchev Registered Linux User #291323 at counter.li.org
> GPG-Key-ID: 1024D/DA454F79
> Key fingerprint = 684F 688B C508 C609 0371 5E0F A089 CB15 DA45 4F79
>
--
Regards,
Doncho N. Gunchev Registered Linux User #291323 at counter.li.org
GPG-Key-ID: 1024D/DA454F79
Key fingerprint = 684F 688B C508 C609 0371 5E0F A089 CB15 DA45 4F79
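
The changelog check used in this thread, as an added example that is not part of the original messages: a shell function that reads 'rpm -q --changelog' output and prints the changelog entry that carries the backported fix, matching both the old candidate form (CAN-...) and the final form (CVE-...) of the same id. The function names and the sample changelog are constructed for illustration.

```sh
#!/bin/sh
# Added example. On a real host, feed it the package changelog:
#   rpm -q --changelog openssh | changelog_fix_entries CAN-2003-0695

# Constructed sample changelog (not real package data), in rpm's layout:
# a "* date packager version-release" header, then "- ..." detail lines.
sample_changelog() {
    cat <<'EOF'
* Thu Sep 18 2003 Example Packager <pkg@example.com> 3.6.1p2-15
- unrelated packaging cleanup
* Wed Sep 17 2003 Example Packager <pkg@example.com> 3.6.1p2-14
- additional buffer manipulation fixes (CAN-2003-0695)
* Tue Sep 16 2003 Example Packager <pkg@example.com> 3.6.1p2-13
- note mentioning a different, longer id (CAN-2003-06950)
EOF
}

# Reads a changelog on stdin and prints the header of every entry that
# mentions the given id. Returns 0 if found, 1 if not, 2 on a malformed id.
changelog_fix_entries() {
    # Accept only CAN-YYYY-NNNN or CVE-YYYY-NNNN so the id is safe in a regex.
    printf '%s\n' "$1" | grep -Eq '^(CAN|CVE)-[0-9]{4}-[0-9]+$' || {
        echo "malformed id: $1" >&2
        return 2
    }
    # Candidate (CAN-) and final (CVE-) ids share the number; match on it.
    num=${1#????}
    awk -v num="$num" '
        /^\* / { header = $0; next }      # a new changelog entry starts
        {
            # The id must not be the prefix of a longer number.
            if (header != "" && match($0, "(CAN|CVE)-" num "([^0-9]|$)")) {
                if (!(header in seen)) { print header; seen[header] = 1 }
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Stand-alone demonstration on the constructed sample.
sample_changelog | changelog_fix_entries CVE-2003-0695
```

An entry printed here shows that the installed package's changelog records the fix, even though the upstream version string a scanner sees in the SSH banner stays at the older number.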