CyberSec.Space Logo
CVEブラウザに戻る

CVE-2003-0693

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0210%
EPSS Percentile42.17th
Published2003年9月22日
Last Modified2026年4月16日

Vulnerability Description

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

Affected Platforms (CPE)

📦
Openbsd

Openssh

<= 3.7

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html
🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html
🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html
🔗 http://marc.info/?l=bugtraq&m=106373247528528&w=2
🔗 http://marc.info/?l=bugtraq&m=106373546332230&w=2
🔗 http://marc.info/?l=bugtraq&m=106374466212309&w=2
🔗 http://marc.info/?l=bugtraq&m=106381396120332&w=2
🔗 http://marc.info/?l=bugtraq&m=106381409220492&w=2

関連する脆弱性情報

CVE-2002-064010.0

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of re...

CVE-1999-066110.0

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP...

CVE-2000-052510.0

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary comma...

CVE-2003-078610.0

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check...