Gentoo: openssh Buffer management error
Posted by LinuxSecurity.com Team   
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively.

---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-11
---------------------------------------------------------------------

          PACKAGE : openssh
          SUMMARY : buffer management error
             DATE : 2003-09-16 22:53 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : =openssh-3.7_p1
              CVE : CAN-2003-0693

---------------------------------------------------------------------

quote from advisory:

"All versions of OpenSSH's sshd prior to 3.7 contain a buffer management
error.  It is uncertain whether this error is potentially exploitable,
however, we prefer to see bugs fixed proactively."

read the full advisory at: 
http://www.openssh.com/txt/buffer.adv

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/openssh upgrade to openssh-3.7_p1 as follows:

emerge sync
emerge openssh
emerge clean

---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at  http://dev.gentoo.org/~aliz
vapier@gentoo.org
---------------------------------------------------------------------
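
A post-upgrade check, added here as an example and not part of the Gentoo or OpenSSH advisory: the shell functions below classify an OpenSSH version string against the advisory's "prior to 3.7" criterion. The function names and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an OpenSSH version string
# against the advisory's criterion "prior to 3.7".

# Print "MAJOR MINOR" for strings such as:
#   OpenSSH_3.6.1p2, SSH protocols 1.5/2.0   (output of `ssh -V`)
#   SSH-2.0-OpenSSH_3.7p1                    (sshd protocol banner)
#   net-misc/openssh-3.7_p1                  (Gentoo package atom)
# Prints nothing when no OpenSSH version is found.
openssh_major_minor() {
    printf '%s\n' "$1" |
        sed -n 's/.*[Oo]pen[Ss][Ss][Hh][_-]\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Exit status: 0 = prior to 3.7 (affected), 1 = 3.7 or later, 2 = unparseable.
is_affected() {
    # The command substitution is expanded before `set` replaces "$1".
    set -- $(openssh_major_minor "$1")
    [ $# -eq 2 ] || return 2
    if [ "$1" -lt 3 ] || { [ "$1" -eq 3 ] && [ "$2" -lt 7 ]; }; then
        return 0
    fi
    return 1
}

# Constructed sample inputs; on a live host, feed in the output of `ssh -V`
# or the banner line collected from port 22 instead.
for sample in \
    "OpenSSH_3.6.1p2, SSH protocols 1.5/2.0" \
    "SSH-1.99-OpenSSH_2.9p2" \
    "SSH-2.0-OpenSSH_3.7p1" \
    "net-misc/openssh-3.7_p1" \
    "SSH-2.0-unknown_server"
do
    is_affected "$sample" && rc=0 || rc=$?
    case $rc in
        0) echo "AFFECTED      $sample" ;;
        1) echo "not affected  $sample" ;;
        *) echo "unknown       $sample" ;;
    esac
done
```

A banner only reports what the running daemon announces, so restart sshd after the upgrade before relying on this check.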