CVE-2003-0695

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 3.7.1 OpenSSH-server versions 3.1p1 through 3.4p1 OpenSSH-askpass versions 3.1p1 through 3.4p1 OpenSSH-askpass-gnome versions 3.1p1 through 3.4p1 OpenSSH-clients versions 3.1p1 through 3.4p1

Description The issue involves multiple vulnerabilities in OpenSSH, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The errors include buffer management issues in files such as buffer.c and channels.c, which may allow attackers to cause a denial of service or execute arbitrary code.

Recommendations For OpenSSH versions prior to 3.7.1, update to version 3.7.1 or later. For OpenSSH-server versions 3.1p1 through 3.4p1, update to a version later than 3.4p1. For OpenSSH-askpass versions 3.1p1 through 3.4p1, update to a version later than 3.4p1. For OpenSSH-askpass-gnome versions 3.1p1 through 3.4p1, update to a version later than 3.4p1. For OpenSSH-clients versions 3.1p1 through 3.4p1, update to a version later than 3.4p1. As a temporary workaround, consider restricting access to vulnerable OpenSSH components until a patch is available.