Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0787

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0787
Last Modified 10 Sep 2008 03:20:26
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0787

Summary

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

Vulnerable Systems

Application

  • Openbsd Openssh 3.7.1

  • Openbsd Openssh 3.7.1p1


References

CERT-VN - VU#209807

CONFIRM - http://www.openssh.com/txt/sshpam.adv

FULLDISC - 20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)

BID - 8677

BUGTRAQ - 20030923 Multiple PAM vulnerabilities in portable OpenSSH

BUGTRAQ - 20030923 Portable OpenSSH 3.7.1p2 released


Last Updated: 27 May 2016 10:38:03