aru Posted September 16, 2003 Report Share Posted September 16, 2003 MandrakeSoft Security Advisory MDKSA-2003:090 : openssh September 16th, 2003 Updated openssh packages fix buffer management error A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild. MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 9.0 [*] 9.1 [*] Multi Network Firewall 8.2 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:090 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0693 http://www.kb.cert.org/vuls/id/333628 http://www.openssh.com/txt/buffer.adv Posted automatically by aru (mdksec2mub v0.0.6) Link to comment Share on other sites More sharing options...
Recommended Posts