CVE-2003-0787
https://notcve.org/view.php?id=CVE-2003-0787
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. La función de conversación PAM en OpenSSH 3.7.1 y 3.7.1p1 interpreta un array de estructuras como un array de punteros, lo que permite a atacantes modificar la pila y posiblemente ganar privilegios. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html http://www.kb.cert.org/vuls/id/209807 http://www.openssh.com/txt/sshpam.adv http://www.securityfocus.com/archive/1/338616 http://www.securityfocus.com/archive/1/338617 http://www.securityfocus.com/bid/8677 •
CVE-2003-0682
https://notcve.org/view.php?id=CVE-2003-0682
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695. "Errores de Memoria" en OpenSSH 3.7.1 y anteriores, con impacto desconocido, un grupo de vulnerabilidades distinto de CAN-2003-0693 y CAN-2003-0695. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741 http://marc.info/?l=bugtraq&m=106373546332230&w=2 http://marc.info/?l=bugtraq&m=106381409220492&w=2 http://www.debian.org/security/2003/dsa-382 http://www.debian.org/security/2003/dsa-383 http://www.redhat.com/support/errata/RHSA-2003-280.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446 https://access.redhat.com/security/cve/CVE-2003-0682 https://bugzilla& •
CVE-2003-0695
https://notcve.org/view.php?id=CVE-2003-0695
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693. Múltiples "errores de gestión de búferes" en OpenSSH anteriores a 3.7.1 pueden permitir a atacantes causar una denegación de servicio o ejecutar código arbitrario usando (1) buffer_init en buffer.c, (2) buffer_free en buffer.c o (3) una función separada en channels.c, un vulnerabilidad distinta de CAN-2003-0693. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741 http://marc.info/?l=bugtraq&m=106373546332230&w=2 http://marc.info/?l=bugtraq&m=106381396120332&w=2 http://marc.info/?l=bugtraq&m=106381409220492&w=2 http://marc.info/? •