National Cyber-Alert System
Vulnerability Summary: CVE-2003-0693
Orirignal release date: 2003-09-22
Source: US-CERT/NIST

Overview

    A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

Impact

    CVSS Severity: 10 (High)
    Range: remote
    Authentication: input bound="1"
    Impact Type: sec_prot admin="1" user="1" other="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    OpenSSH (OpenSSH)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693