• info
• discussion
• exploit
• solution
• references

LSH Remote Buffer Overflow Vulnerability

Solution:
SuSE has released advisory SuSE-SA:2003:041 to address this issue. See referenced advisory for fix information.

Debian has released advisory DSA 717-1 to address this issue. Please see the referenced advisory for further information on obtaining and applying fixes.


GNU lsh 1.3.5

• SuSE lsh-1.3.5-188.i386.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec3/lsh-1.3.5-188.i386.pa tch.rpm


• SuSE lsh-1.3.5-188.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec3/lsh-1.3.5-188.i386.rp m

GNU lsh 1.4.2

• GNU lsh-1.4.3.tar.gz
  http://www.lysator.liu.se/~nisse/archive/lsh-1.4.3.tar.gz


• GNU lsh-1.5.3.tar.gz
  http://www.lysator.liu.se/~nisse/archive/lsh-1.5.3.tar.gz


• SuSE lsh-1.4.2-73.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/lsh-1.4.2-73.i586 .patch.rpm


• SuSE lsh-1.4.2-73.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/lsh-1.4.2-73.i586 .rpm

GNU lsh 1.5

• SuSE lsh-1.5-114.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/lsh-1.5-114.i586. patch.rpm


• SuSE lsh-1.5-114.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/lsh-1.5-114.i586. rpm

Debian Linux 3.0 s/390

• Debian lsh-client_1.2.5-2woody3_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1. 2.5-2woody3_s390.deb


• Debian lsh-server_1.2.5-2woody3_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_s390.deb


• Debian lsh-utils_1.2.5-2woody3_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_s390.deb

Debian Linux 3.0 arm

• Debian lsh-client_1.2.5-2woody3_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1. 2.5-2woody3_arm.deb


• Debian lsh-server_1.2.5-2woody3_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_arm.deb


• Debian lsh-utils_1.2.5-2woody3_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_arm.deb

Debian Linux 3.0 alpha

• Debian lsh-client_1.2.5-2woody3_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1. 2.5-2woody3_alpha.deb


• Debian lsh-server_1.2.5-2woody3_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_alpha.deb


• Debian lsh-utils_1.2.5-2woody3_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_alpha.deb

Debian Linux 3.0 mips

• Debian lsh-client_1.2.5-2woody3_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1. 2.5-2woody3_mips.deb


• Debian lsh-server_1.2.5-2woody3_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_mips.deb


• Debian lsh-utils_1.2.5-2woody3_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_mips.deb

Debian Linux 3.0 mipsel

• Debian lsh-client_1.2.5-2woody3_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1. 2.5-2woody3_mipsel.deb


• Debian lsh-server_1.2.5-2woody3_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_mipsel.deb


• Debian lsh-utils_1.2.5-2woody3_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_mipsel.deb

Debian Linux 3.0 m68k

• Debian lsh-client_1.2.5-2woody3_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1. 2.5-2woody3_m68k.deb


• Debian lsh-server_1.2.5-2woody3_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_m68k.deb


• Debian lsh-utils_1.2.5-2woody3_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_m68k.deb

Debian Linux 3.0 sparc

• Debian lsh-server_1.2.5-2woody3_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_sparc.deb


• Debian lsh-utils_1.2.5-2woody3_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_sparc.deb

Debian Linux 3.0 ppc

• Debian lsh-client_1.2.5-2woody3_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1. 2.5-2woody3_powerpc.deb


• Debian lsh-server_1.2.5-2woody3_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_powerpc.deb


• Debian lsh-utils_1.2.5-2woody3_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_powerpc.deb

Debian Linux 3.0 hppa

• Debian lsh-client_1.2.5-2woody3_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1. 2.5-2woody3_hppa.deb


• Debian lsh-server_1.2.5-2woody3_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_hppa.deb


• Debian lsh-utils_1.2.5-2woody3_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_hppa.deb

Debian Linux 3.0

• Debian lsh-utils-doc_1.2.5-2woody3_all.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils-doc _1.2.5-2woody3_all.deb

Debian Linux 3.0 ia-32

• Debian lsh-client_1.2.5-2woody3_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1. 2.5-2woody3_i386.deb


• Debian lsh-server_1.2.5-2woody3_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1. 2.5-2woody3_i386.deb


• Debian lsh-utils_1.2.5-2woody3_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2 .5-2woody3_i386.deb