Bug 46637 (CVE-2003-0787) - VUL-0: CVE-2003-0787: openssh PAM problem
Status: RESOLVED FIXED
Alias: CVE-2003-0787
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Importance: P3 - Medium : Major
Target Milestone: ---
Assignee: Petr Ostadal
QA Contact: Security Team bot
Whiteboard: CVE-2003-0787: CVSS v2 Base Score: 7....
Reported: 2003-09-23 21:06 UTC by Roman Drahtmueller
Modified: 2021-09-29 14:38 UTC

Attachments
diff for reference, (5.22 KB, patch)
2003-09-23 21:07 UTC, Roman Drahtmueller

Description Roman Drahtmueller 2003-09-23 21:06:47 UTC
Public as of bugzilla bugtime:
mail from Damien Miller: Problems fixed with the release of 3.7.1p2:

1) SSH1 PAM challenge response auth ignored the result of the authentication
(with privsep off)

2) The PAM conversation function trashed the stack, by referring to the 
**resp parameter as an array of pointers rather than as a pointer to an 
array of struct pam_responses.
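
Added illustration of the double-pointer misreading named in problem 2 above; it is not part of the original report and not OpenSSH's code. The names `conv_wrong`, `conv_right` and `clobbered_slots`, the four-slot caller frame and the two local stand-in structs are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins laid out like the <security/pam_appl.h> types; no PAM needed. */
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
typedef int (*conv_fn)(int, const struct pam_message **,
                       struct pam_response **, void *);

/* Misreading: resp indexed as an array of n pointers. The caller owns only
 * one pointer, so resp[i] for i >= 1 overwrites the caller's other data. */
static int conv_wrong(int n, const struct pam_message **msg,
                      struct pam_response **resp, void *appdata)
{
    (void)msg; (void)appdata;
    for (int i = 0; i < n; i++)
        if ((resp[i] = calloc(1, sizeof(**resp))) == NULL) return 1;
    return 0;
}

/* Correct reading: one array of n structs, returned through *resp.
 * Entries stay zeroed (no answer text); only the layout is shown here. */
static int conv_right(int n, const struct pam_message **msg,
                      struct pam_response **resp, void *appdata)
{
    (void)msg; (void)appdata;
    struct pam_response *reply = calloc((size_t)n, sizeof(*reply));
    if (reply == NULL) return 1;
    *resp = reply;      /* the caller then reads (*resp)[i] */
    return 0;
}

/* Constructed caller frame: slot[0] is its one response pointer, slot[1..3]
 * stand for adjacent locals. Returns how many were overwritten, -1 on error. */
static int clobbered_slots(conv_fn conv, int n)
{
    struct pam_response *slot[4] = { NULL, NULL, NULL, NULL };
    int rc = (n >= 1 && n <= 4) ? conv(n, NULL, slot, NULL) : 1;
    int hits = (slot[1] != NULL) + (slot[2] != NULL) + (slot[3] != NULL);
    for (int i = 0; i < 4; i++) free(slot[i]);
    return rc == 0 ? hits : -1;
}

int main(void)
{
    printf("adjacent slots hit: wrong=%d right=%d\n",
           clobbered_slots(conv_wrong, 3), clobbered_slots(conv_right, 3));
    return 0;
}
```

With a single prompt (`n == 1`) both readings touch only `slot[0]`, which is why the misreading can go unnoticed until a conversation carries more than one message.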
Comment 1 Roman Drahtmueller 2003-09-23 21:06:47 UTC
-
Comment 2 Roman Drahtmueller 2003-09-23 21:07:49 UTC
Created attachment 14573 [details]
diff for reference,

This patch is included in the new version 3.7.1p2.
Comment 3 Roman Drahtmueller 2003-09-23 21:08:39 UTC
The first problem is assigned CAN-2003-0786, the second is CAN-2003-0787.
Comment 4 Roman Drahtmueller 2003-09-23 21:11:29 UTC
Turned in to STABLE for 9.0.
Closing bug.
Comment 5 Roman Drahtmueller 2003-09-23 21:11:58 UTC
-
Comment 6 Thomas Biege 2009-10-13 19:39:13 UTC
CVE-2003-0787: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)