CVE-2003-0787

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
http://www.openssh.com/txt/sshpam.adv
http://www.kb.cert.org/vuls/id/209807	US Government Resource
http://www.securityfocus.com/archive/1/338617
http://www.securityfocus.com/archive/1/338616
http://www.securityfocus.com/bid/8677

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openbsd:openssh:3.7.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.7.1p1:::::::*

Information

Published : 2003-11-16 21:00

Updated : 2008-09-10 12:20

NVD link : CVE-2003-0787

Mitre link : CVE-2003-0787

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

openbsd

openssh

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html", "name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.openssh.com/txt/sshpam.adv", "name": "http://www.openssh.com/txt/sshpam.adv", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/209807", "name": "VU#209807", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/archive/1/338617", "name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/338616", "name": "20030923 Portable OpenSSH 3.7.1p2 released", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/8677", "name": "8677", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0787", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2003-11-17T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-10T19:20Z"}