CVE-2003-0787 — Openssh vulnerability

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedNov 17

Latest updateApr 29

Description

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:3.7.1p2+3

▶NVDopenbsd/openssh3.7.1, 3.7.1p1+1

🔴Vulnerability Details

GHSA

GHSA-jmj3-c2mm-6fgh: The PAM conversation function in OpenSSH 3↗2022-04-29

▶

OSV

CVE-2003-0787: The PAM conversation function in OpenSSH 3↗2003-11-17

▶

CVEList

CVE-2003-0787: The PAM conversation function in OpenSSH 3↗2003-09-25

▶

📋Vendor Advisories

Debian

CVE-2003-0787: openssh - The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array o...↗2003

▶

Red Hat

CVE-2003-0787: The PAM conversation function in OpenSSH 3↗

▶