|
|
OpenSSH PAM Conversation Memory Scrubbing Weakness
|
Bugtraq ID:
|
9040
|
|
Class:
|
Design Error
|
|
CVE:
|
|
|
Remote:
|
No
|
|
Local:
|
Yes
|
|
Published:
|
Nov 13 2003 12:00AM
|
|
Updated:
|
Nov 13 2003 12:00AM
|
|
Credit:
|
Discovery credited to Markus Kuhn.
|
|
Vulnerable:
|
OpenSSH OpenSSH 3.7.1 p1
+
SCO Open Server 5.0.7
OpenSSH OpenSSH 3.7 p1
OpenSSH OpenSSH 3.7 .1p2
OpenSSH OpenSSH 3.6.1 p2
+
MandrakeSoft Corporate Server 2.1 x86_64
+
MandrakeSoft Corporate Server 2.1
+
MandrakeSoft Linux Mandrake 9.1 ppc
+
MandrakeSoft Linux Mandrake 9.1
+
MandrakeSoft Linux Mandrake 9.0
+
MandrakeSoft Linux Mandrake 8.2 ppc
+
MandrakeSoft Linux Mandrake 8.2
+
MandrakeSoft Multi Network Firewall 2.0
+
Trustix Secure Linux 2.0
OpenSSH OpenSSH 3.6.1 p1
+
OpenPKG OpenPKG Current
+
Slackware Linux 9.0
+
Slackware Linux -current
OpenSSH OpenSSH 3.5 p1
+
Conectiva Linux 9.0
+
OpenPKG OpenPKG 1.2
+
RedHat Linux 9.0 i386
+
S.u.S.E. Linux Personal 8.2
+
Terra Soft Solutions Yellow Dog Linux 3.0
OpenSSH OpenSSH 3.4 p1
+
Conectiva Linux 8.0
+
Conectiva Linux 7.0
+
Conectiva Linux 6.0
+
Conectiva Linux Enterprise Edition 1.0
+
Debian Linux 3.0 sparc
+
Debian Linux 3.0 s/390
+
Debian Linux 3.0 ppc
+
Debian Linux 3.0 mipsel
+
Debian Linux 3.0 mips
+
Debian Linux 3.0 m68k
+
Debian Linux 3.0 ia-64
+
Debian Linux 3.0 ia-32
+
Debian Linux 3.0 hppa
+
Debian Linux 3.0 arm
+
Debian Linux 3.0 alpha
+
FreeBSD FreeBSD 5.0
+
FreeBSD FreeBSD 4.7 -RELEASE
+
FreeBSD FreeBSD 4.7
+
IBM AIX 5.1 L
+
IBM AIX 4.3.3
+
Immunix Immunix OS 7+
+
RedHat Linux 8.0
+
S.u.S.E. Linux 8.1
+
S.u.S.E. Linux 8.0
+
Slackware Linux 8.1
OpenSSH OpenSSH 3.3 p1
+
Conectiva Linux 8.0
+
Conectiva Linux 7.0
+
Conectiva Linux 6.0
OpenSSH OpenSSH 3.2.3 p1
OpenSSH OpenSSH 3.2.2 p1
+
Apple Mac OS X 10.1.5
+
Apple Mac OS X 10.1.4
+
Apple Mac OS X 10.1.3
+
Apple Mac OS X 10.1.2
+
Apple Mac OS X 10.1.1
+
Apple Mac OS X 10.1
+
Apple Mac OS X 10.1
+
Apple Mac OS X 10.0.4
+
Apple Mac OS X 10.0.3
+
Apple Mac OS X 10.0.2
+
Apple Mac OS X 10.0.1
+
Apple Mac OS X 10.0
OpenSSH OpenSSH 3.1 p1
+
Juniper Networks NetScreen-IDP 10 3.0 r2
+
Juniper Networks NetScreen-IDP 10 3.0 r1
+
Juniper Networks NetScreen-IDP 10 3.0
+
Juniper Networks NetScreen-IDP 100 3.0 r2
+
Juniper Networks NetScreen-IDP 100 3.0 r1
+
Juniper Networks NetScreen-IDP 100 3.0
+
Juniper Networks NetScreen-IDP 1000 3.0 r2
+
Juniper Networks NetScreen-IDP 1000 3.0 r1
+
Juniper Networks NetScreen-IDP 1000 3.0
+
Juniper Networks NetScreen-IDP 500 3.0 r2
+
Juniper Networks NetScreen-IDP 500 3.0 r1
+
Juniper Networks NetScreen-IDP 500 3.0
+
RedHat Enterprise Linux AS 2.1 IA64
+
RedHat Enterprise Linux AS 2.1
+
RedHat Enterprise Linux ES 2.1 IA64
+
RedHat Enterprise Linux ES 2.1
+
RedHat Enterprise Linux WS 2.1 IA64
+
RedHat Enterprise Linux WS 2.1
+
RedHat Linux 7.3
+
RedHat Linux 7.2
+
RedHat Linux 7.1
+
RedHat Linux for iSeries 7.1
+
RedHat Linux for pSeries 7.1
+
Slackware Linux 8.1
+
Sun Linux 5.0.7
+
Sun Solaris 9
+
Trustix Secure Linux 1.5
+
Trustix Secure Linux 1.2
+
Trustix Secure Linux 1.1
OpenSSH OpenSSH 3.0.2 p1
+
Guardian Digital Engarde Secure Linux 1.0.1
+
HP VirtualVault 4.6
OpenSSH OpenSSH 3.0.1 p1
OpenSSH OpenSSH 3.0 p1
|
|
|
|
Not Vulnerable:
|
|
|
|
