The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
| CVE ID | Name | Status | References |
|---|---|---|---|
| CVE-2003-0787 | The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. |
Assigned (20030917) | BID:8677 | URL:http://www.securityfocus.com/bid/8677 | BUGTRAQ:20030923 Multiple PAM vulnerabilities in portable OpenSSH | URL:http://www.securityfocus.com/archive/1/338617 | BUGTRAQ:20030923 Portable OpenSSH 3.7.1p2 released | URL:http://www.securityfocus.com/archive/1/338616 | CERT-VN:VU#209807 | URL:http://www.kb.cert.org/vuls/id/209807 | CONFIRM:http://www.openssh.com/txt/sshpam.adv | FULLDISC:20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh) | URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html |
Page created: