English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2003-51
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date : 17 Sep 2003
 Last revised           : 22 Sep 2003

 Package : openssh

 Summary : Buffer management errors

 More information :
    OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools
    that increasing numbers of people on the Internet are coming to rely on. 
    All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors.

 Impact :
    This vulnerability may allow a remote attacker to execute arbitrary code.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0


 Solution :
    Please use turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
       840278 02cd195471b275f6b8cb5d5e81e12f6e

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-3.7.1p1-4.i586.rpm
       193036 59445c9e3ade3b20305bc250125b9443
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-3.7.1p1-4.i586.rpm
        33434 0f90ff6a6e5363a76ed79d3da08c64f7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-gnome-3.7.1p1-4.i586.rpm
        14673 530ebfc4041d38112b65dcd2173a2421
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-clients-3.7.1p1-4.i586.rpm
       215841 d754024163ce1e6ee04d2578753f0c21
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-server-3.7.1p1-4.i586.rpm
       231111 58113eec0703f3d147dc3a4d7d5393b4

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
       840278 25971e9e5743a93901a0cbf930ebd080

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-3.7.1p1-4.i586.rpm
       193015 28b9aed67c3c9ef0054e5e420e3ea5d7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-askpass-3.7.1p1-4.i586.rpm
        33432 1530b207ec2d8e85668471660e71e41d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-clients-3.7.1p1-4.i586.rpm
       215933 9086039fb1d459ac0921c5ece24c6486
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-server-3.7.1p1-4.i586.rpm
       231110 20d6f2839d4ccb0a818fefa6b6393325

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
       840278 4305414497e7e3489ada142e41c5f703

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-3.7.1p1-4.i586.rpm
       188813 65f26185e001aa075a52d7d4383d1363
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-askpass-3.7.1p1-4.i586.rpm
        32944 50f4d9c7adfb8706ae66c71987dbd041
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-clients-3.7.1p1-4.i586.rpm
       209536 dfa3bc5d0b9976f1aae94a03dc28cd5f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-server-3.7.1p1-4.i586.rpm
       223229 93b98fa6432f9238243c3f116b9efc10

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
       840278 4b558bad9b81322edf8ac49508f42826

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-3.7.1p1-4.i586.rpm
       188806 c71a45531224e11477666c9ff56688d6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-askpass-3.7.1p1-4.i586.rpm
        32948 6d84710cb7306692e82022dda5fe50f4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-clients-3.7.1p1-4.i586.rpm
       209570 008a86e2bf50ec0cf62771fa6bda834f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-server-3.7.1p1-4.i586.rpm
       223224 3beb7d1854870f4b8cc86523fe39fedb

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
       840278 1fc5269641d8904819a6dc9f35f9bba9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-3.7.1p1-4.i386.rpm
       211400 c1b702a69363937d65fdf69b1abc85d9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-askpass-3.7.1p1-4.i386.rpm
        32673 75b7e850dacfece3bcd05d2bc67fe8b8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-clients-3.7.1p1-4.i386.rpm
       242262 f3865946c8dbd5bf641272117dd1ff4a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-server-3.7.1p1-4.i386.rpm
       255627 2af41c03de7763e9abc4e0d73f5642c6

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
       840278 5633eb4611fd4613ef0eff3769dcaaff

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-3.7.1p1-4.i386.rpm
       211318 936e47da80580d20effb6bc1482dcf37
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-3.7.1p1-4.i386.rpm
        32649 d860b524bfa483196cfb4fe88f5fead1
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p1-4.i386.rpm
        14339 f383aace6a75a8a3b16beb124fceee73
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-clients-3.7.1p1-4.i386.rpm
       242210 219ed0479b17038aa2e473399f60b9e7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-server-3.7.1p1-4.i386.rpm
       255609 92fb6a28e5d787b3f768df8568a30332

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
       840278 71f1c814bfde6b73c563168fd1a5affd

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-3.7.1p1-4.i386.rpm
       211337 a10b024543c04e490461776e2bbdbb29
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p1-4.i386.rpm
        14340 8c268657f1b2481a7f506775978e68d4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-clients-3.7.1p1-4.i386.rpm
       242210 25f186534e651b3ab70b33b38631ce13
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-server-3.7.1p1-4.i386.rpm
       255576 dd79075a3a00142664b6ec55f79e0de8

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssh-3.7.1p1-4.src.rpm
       840278 522fa52683b073b40d92eaba5b313c46

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-3.7.1p1-4.i386.rpm
       211326 0b174b2b77e96b5197e5936a605cc4b8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-3.7.1p1-4.i386.rpm
        32655 63e288827126854bcdb50e2873a0852b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p1-4.i386.rpm
        14336 b62d1e216a47aac58713e780fbc10569
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-clients-3.7.1p1-4.i386.rpm
       242225 77fe97cd19d4d6aac38887e1baa6f61c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-server-3.7.1p1-4.i386.rpm
       255578 aa3ed0646f90fece290672f737e206a4


 Notice :
    After performing the update, it is necessary to restart the sshd secure shell daemon.
    To do this, run the following command as user root.
 ---------------------------------------------
 # /etc/init.d/sshd restart
 or
 # /etc/rc.d/init.d/sshd restart
 ---------------------------------------------


 References :

 openssh-unix-announce
   [OpenSSH 3.7 released]
   http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000062.html
   [OpenSSH 3.7.1 released]
   http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000064.html

 CERT Advisory
   [CA-2003-24]
   http://www.cert.org/advisories/CA-2003-24.html

 CVE
   [CAN-2003-0693]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693
   [CAN-2003-0695]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695


 --------------------------------------------------------------------------
 Revision History
    17 Sep 2003 Initial release
    22 Sep 2003 Added References : [CAN-2003-0695]
 --------------------------------------------------------------------------

 Copyright(C) 2003 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/bqDFK0LzjOqIJMwRAj1qAJ9+hJaC4D/e2VF+iteSq/Cm3IqgDQCfTItF
b0PBfc2nW4bVfHs1hSWThAA=
=+zXJ
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.