
Vulnerability alert: OpenSSH buffer management (09/17/03)

A vulnerability in OpenSSH server versions older than 3.7 allows heap memory to become corrupted, permitting denial-of-service attacks and possibly remote execution of arbitrary code. There are reports that attacks exploiting this vulnerability have already begun. Systems running versions of Linux or UNIX listed below, including Mac OS X, can be affected. Systems that use code derived from vulnerable versions of OpenSSH can be affected even if OpenSSH itself is not in use.

For a description of the vulnerability, see CERT Advisory CA2003-24, "Buffer Management Vulnerability in OpenSSH."

How to avoid it:

System administrators should verify which, if any, version of OpenSSH is running on their machines. Each vendor has specific instructions for checking, as well as for updating the version.

CERT recommends disabling ssh if it is not needed. If ssh is needed, vulnerable systems should be updated to version 3.7 or patched.
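As an added illustration of the version check (not part of the original alert or of any vendor's instructions), the shell function below classifies a version string, such as the output of `ssh -V` or the identification banner an SSH server sends, against the 3.7 threshold. The function name and the sample strings are constructed for this example.

```shell
#!/bin/sh
# Added example: compare a reported OpenSSH version with the 3.7 threshold
# named in this alert. classify_openssh and the samples are constructed.
#
# Limits of a version-string check:
#   - a vendor-patched package may still report a number older than 3.7
#   - software built from OpenSSH-derived code may not say "OpenSSH" at all

# Prints one of: not-openssh | older-than-3.7 | 3.7-or-later
classify_openssh() {
    # Extract "<major> <minor>" from the first OpenSSH_<major>.<minor> token.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo "not-openssh"
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 7 ]; }; then
        echo "older-than-3.7"
    else
        echo "3.7-or-later"
    fi
}

# Constructed sample strings in the two common shapes: "ssh -V" style output
# and server identification banners.
for sample in \
    "OpenSSH_3.6.1p2, SSH protocols 1.5/2.0" \
    "SSH-1.99-OpenSSH_2.9p2" \
    "SSH-2.0-OpenSSH_3.7p1" \
    "SSH-2.0-ExampleServer_1.0"
do
    printf '%-45s %s\n' "$sample" "$(classify_openssh "$sample")"
done

# On a live host (ssh -V writes its version to stderr):
#   classify_openssh "$(ssh -V 2>&1)"
```

A result of older-than-3.7 means the host needs either the update or confirmation from the vendor that its package carries the patch; not-openssh does not rule out OpenSSH-derived code.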

What systems are affected:

The following operating systems can run OpenSSH, although they do not necessarily come with it:

Linux vendors Red Hat, Mandrake, Debian, and Slackware have all posted patches for their versions of OpenSSH. The patch from Apple, which is not yet available, will come via the normal "Software Update."

CERT provides a list of OSes and whether or not they are vulnerable at http://www.kb.cert.org/vuls/id/333628.



Last modified: Sept. 17, 2003