The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
CVE ID | Name | Status | References |
---|---|---|---|
CVE-2003-0787 | The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. |
Assigned (20030917) | BID:8677 | URL:http://www.securityfocus.com/bid/8677 | BUGTRAQ:20030923 Multiple PAM vulnerabilities in portable OpenSSH | URL:http://www.securityfocus.com/archive/1/338617 | BUGTRAQ:20030923 Portable OpenSSH 3.7.1p2 released | URL:http://www.securityfocus.com/archive/1/338616 | CERT-VN:VU#209807 | URL:http://www.kb.cert.org/vuls/id/209807 | CONFIRM:http://www.openssh.com/txt/sshpam.adv | FULLDISC:20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh) | URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html |
Page created: