Summary
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-03:12.openssh.asc
Solution
Upgrade your system to the appropriate stable release or security branch dated after the correction date
https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-03:12.openssh.asc
Insight
OpenSSH is a free version of the SSH protocol suite of network connectivity tools. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. `ssh' is the client application, while `sshd' is the server.
Several operations within OpenSSH require dynamic memory allocation or reallocation. Examples are: the receipt of a packet larger than available space in a currently allocated buffer creation of
additional channels beyond the currently allocated maximum and
allocation of new sockets beyond the currently allocated maximum.
Many of these operations can fail either due to `out of memory' or due to explicit checks for ridiculously sized requests. However, the failure occurs after the allocation size has already been updated, so that the bookkeeping data structures are in an inconsistent state (the recorded size is larger than the actual allocation). Furthermore, the detection of these failures causes OpenSSH to invoke several `fatal_cleanup' handlers, some of which may then attempt to use these inconsistent data structures. For example, a handler may zero and free a buffer in this state, and as a result memory outside of the allocated area will be overwritten with NUL bytes.
Severity
Classification
-
CVE CVE-2003-0693 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities