Last revised: Aug 12, 2008
A complete revision history can be found at the end of this file.
- Systems running versions of OpenSSH prior to 3.7.1
- Systems that use or derive code from vulnerable versions of OpenSSH
There is a remotely exploitable vulnerability in a general buffer management function in versions of OpenSSH prior to 3.7.1. This may allow a remote attacker to corrupt heap memory which could cause a denial-of-service condition. It may also be possible for an attacker to execute arbitrary code.
We are updating this advisory to inform users that Version 3.7.1 of OpenSSH has been released to patch a similar vulnerability in the buffer management code.
There are two errors in the buffer management code of OpenSSH. These vulnerabilities affect versions prior to 3.7.1. Version 3.7 is affected by one of these errors. The errors occur when a buffer is allocated for a large packet. When the buffer is cleared, an improperly sized chunk of memory is filled with zeros. This leads to heap corruption, which could cause a denial-of-service condition. These vulnerabilities may also allow an attacker to execute arbitrary code.
The OpenSSH advisory has been updated to include a patch for version 3.7 as well as 3.6.1 and prior.
Other systems that use or derive code from OpenSSH may be affected. This includes network equipment and embedded systems. We have monitored incident reports that may be related to this vulnerability.
Vulnerability Note VU#333628 lists the vendors we contacted about these vulnerabilities. The vulnerability note is available from
This vulnerability has been assigned the following Common Vulnerabilities and Exposures (CVE) number:
While the full impact of this issues are unclear, the most likely result is heap corruption, which could lead to a denial of service.
If it is possible for an attacker to execute arbitrary code, then they may be able to so with the privileges of the user running the sshd process, typically root. This impact may be limited on systems using the privilege separation (privsep) feature available in OpenSSH.
Upgrade to OpenSSH version 3.7.1
This vulnerability is resolved in OpenSSH version 3.7.1, which is available from the OpenSSH web site at
Apply a patch from your vendor
A patches for these issues are included in the OpenSSH advisory at
This patch may be manually applied to correct this vulnerability in affected versions of OpenSSH. If your vendor has provided a patch or upgrade, you may want to apply it rather than using the patch from OpenSSH. Find information about vendor patches in Appendix A. We will update this document as vendors provide additional information.
Use privilege separation to minimize impact
System administrators running OpenSSH versions 3.2 or higher may be able to reduce the impact of this vulnerability by enabling the "UsePrivilegeSeparation" configuration option in their sshd configuration file. Typically, this is accomplished by creating a privsep user, setting up a restricted (chroot) environment, and adding the following line to /etc/ssh/sshd_config:
This workaround does not prevent this vulnerability from being exploited, however due to the privilege separation mechanism, the intruder may be limited to a constrained chroot environment with restricted privileges. This workaround will not prevent this vulnerability from creating a denial-of-service condition. Not all operating system vendors have implemented the privilege separation code, and on some operating systems it may limit the functionality of OpenSSH. System administrators are encouraged to carefully review the implications of using the workaround in their environment and use a more comprehensive solution if one is available. The use of privilege separation to limit the impact of future vulnerabilities is encouraged.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in the revision history. Additional vendors who have not provided direct statements, but who have made public statements or informed us of their status are listed in VU#333628. If a vendor is not listed below or in VU#333628, we have not received their comments.
AppGate Network Security AB
AppGate versions from 4.0 up to and including 5.3.1 does include the vulnerable code. Patches are available from the appgate support pages at http://www.appgate.com.
Apple Computers Inc.
Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X versions prior to 10.2.8, the vulnerability is limited to a denial of service from the possibility of causing sshd to crash. Each login session has its own sshd, so established connections are preserved up to the point where system resources are exhausted by an attack.
To deliver the update in a rapid and reliable manner, only the patches for CVE IDs listed above were applied, and not the entire set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
Mac OS X 10.2.8 is available as a free update for customers running Mac OS X 10.2.x. It is available from:
Mac OS X Client (updating from 10.2 - 10.2.5):
Mac OS X Client (updating from 10.2.6 - 10.2.7):
Mac OS X Server (updating from 10.2 - 10.2.5):
Mac OS X Server (updating from 10.2.6 - 10.2.7):
Our software shares no codebase with the OpenSSH implementation, therefore we believe that, in our products, this problem does not exist.
Cisco has some products which are vulnerable to this issue. Cisco's response is now published at
Cray Inc. supports OpenSSH through its Cray Open Software (COS) package. Cray is vulnerable to this buffer management error and is in the process of compiling OpenSSH 3.7. The new version will be made available in the next COS release.
Debian has issued DSA 382 and DSA 383 for these issues.
This vulnerability does not affect any version of F-Secure SSH software that utilizes ssh protocol version 2. The non-affected versions have been available since 1998.
This vulnerability only affects the following F-Secure SSH server versions: F-Secure SSH for Unix versions 1.3.14 and earlier.
More information is available from
The AIX Security Team is aware of the issues discussed in CERT
Vulnerability Note VU#333628 and CERT Advisory CA-2003-24.
OpenSSH is available for AIX via the AIX Toolbox for Linux or the
OpenSSH 3.4p1, revision 9 contains fixes for this issue for the AIX Toolbox
for Linux. For more information about the AIX Toolbox for Linux or to download
OpenSSH 3.4p1 revision 9, please see:
Please note that AIX Toolbox for Linux is available "as-is" and is unwarranted.
Patched versions of OpenSSH for the Bonus Pack on AIX 5.1 and 5.2 are available
Juniper Networks has identified this vulnerability in all shipping versions of JUNOS and coded a software fix. The fix will be included in all releases of JUNOS Internet software built on or after September 17. Customers with current support contracts should contact JTAC to obtain the fix for this vulnerability.
JUNOSe and SDX are not vulnerable to this issue.
Contract customers can review the details at:
Mandrake Linux is affected and MDKSA-2003:090 will be released today with patched versions of OpenSSH to resolve this issue.
Mirapoint released a patch (D3_SSH_CA_2003_24) last night to fix the first reported vulnerability and will release D3_SSH_CA_2003_24_1 to cover the second.
The NetBSD Security Advisory on the OpenSSH buffer management issue is available here:
This issue applies only to SecureAdmin on Data ONTAP versions earlier than 6.4.3, and SecureAdmin for NetCache releases earlier than 5.5R2.
All current releases (NetCache 5.6, 6.0 and 6.1, and Filer 6.5, 7.0, 7.1, 7.2, 7.3 and 10.0) have been secured against this issue.
If you have an affected release:Disable the SSH server on the filer or NetCache appliance, or if it must remain enabled, ensure that the ssh.access option (config.admin.trusted_hosts in NetCache) is used to restrict ssh connections to authorized administrative hosts.
The OpenSSH package in Openwall GNU/*/Linux did contain the buffer / memory management errors. As of 2003/09/17, we have included the fixes from OpenSSH 3.7.1 as well as 4 additional fixes to other such real or potential errors based on an exhaustive review of the OpenSSH source code for uses of *realloc() functions. At this time, it is uncertain whether and which of these bugs are exploitable. If exploits are possible, due to privilege separation, the worst direct impact should be limited to arbitrary code execution under the sshd pseudo-user account restricted within the chroot jail /var/empty, or under the logged in user account
We have tested our code and double checked for the code vulnerability and we have found that our code is NOT vulnerable.
PuTTY is not based on the OpenSSH code base, so it should not be vulnerable to any OpenSSH-specific attacks.
Red Hat, Inc.
Red Hat Linux and Red Hat Enterprise Linux ship with an OpenSSL package vulnerable to these issues. Updated OpenSSL packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool.
Red Hat Linux:
Riverstone Networks has issued an advisory on this issue at http://www.riverstonenet.com/support/tb0265-9.html.
Secure Computing Corporation
Sidewinder(r) and Sidewinder G2 Firewall(tm) (including all appliances)Not Vulnerable.
Sidewinder v5.x & Sidewinder G2 v6.x's embedded Type Enforcement(r) technology strictly limits the capabilities of Secure Computing's modified version of the OpenSSH daemon code integrated into the firewall's SecureOS operating system. Any attempt to exploit this vulnerability in the OpenSSH daemon code running on the firewalls results in an automatic termination of the attacker's connection and multiple Type Enforcement alarms.
Gauntlet(tm) & e-pplianceNot Vulnerable.
Gauntlet and e-ppliance do not include SSH server software, and are thus immune to this vulnerability.
SSH Communications Security
SSH Secure Shell products do not contain the buffer management error. SSH Communications Security products have different code base than OpenSSH.
The Solaris Secure Shell in Solaris 9 is impacted by this issue described in CERT Vulnerability Note VU#333628. Sun has published Sun Alert 56861 available here:
The CERT/CC thanks Markus Friedl of the OpenSSH project for his technical assistance in producing this advisory.
Authors: Jason A. Rafail and Art Manion
Copyright 2003 Carnegie Mellon University.
September 16, 2003: Initial release September 17, 2003: Updated with new information regarding 3.7.1 release September 17, 2003: Added SSH Communications Security vendor statement September 17, 2003: Added Red Hat, Inc. vendor statement September 17, 2003: Added Sun Microsystems vendor statement September 17, 2003: Added NetBSD vendor statement September 17, 2003: Added Network Appliance vendor statement September 18, 2003: Added Cisco vendor statement September 18, 2003: Updated Red Hat, Inc. links in vendor statement September 18, 2003: Added IBM vendor statement September 18, 2003: Added F-Secure vendor statement September 18, 2003: Added OpenWall GNU/*/Linux vendor statement September 22, 2003: Added Juniper Networks vendor statement September 22, 2003: Added Mirapoint vendor statement September 23, 2003: Added Secure Computing Corp. vendor statement September 23, 2003: Added AppGate Network Security AB vendor statement October 01, 2003: Added Apple Computers vendor statement October 01, 2003: Added Pragma Systems vendor statement October 01, 2003: Updated IBM vendor statement October 01, 2003: Added Riverstone vendor statement January 16, 2007: Updated Sun vendor statement August 12, 2008: Updated Network Appliance vendor statement