CVE-2003-0787

critical

Description

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

References

http://www.securityfocus.com/bid/8677

http://www.securityfocus.com/archive/1/338617

http://www.securityfocus.com/archive/1/338616

http://www.openssh.com/txt/sshpam.adv

http://www.kb.cert.org/vuls/id/209807

http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html

Details

Source: Mitre, NVD

Published: 2003-11-17

Updated: 2008-09-10

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics