From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Sep 22 2003 - 06:16:43 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Sun Solaris Secure Shell Buffer Management Vulnerability

SECUNIA ADVISORY ID:
SA9806

VERIFY ADVISORY:
http://www.secunia.com/advisories/9806/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Sun Solaris 9

DESCRIPTION:
Sun has confirmed a vulnerability in Solaris, which potentially can
be exploited by malicious people to compromise a vulnerable system or
cause a DoS (Denial of Service).

The vulnerability is caused due to a buffer management error in
Solaris Secure Shell daemon (sshd), which is based on OpenSSH.

For more information:
SA9743

NOTE: The Solaris Secure Shell daemon may potentially also be
affected by other newly discovered vulnerabilities in OpenSSH.
However, this has not been confirmed.

SOLUTION:
Patches are not currently available.

Sun recommends that the ssh service is disabled. If this is not a
viable solution, then restrict access to the service allowing only
trusted systems to connect.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56861

OTHER REFERENCES:
SA9743:
http://www.secunia.com/advisories/9743/

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]