Description
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://www.openssh.com/txt/sshpam.adv
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8677
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/209807
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/338617
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/338616
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
Scores
EPSS
0.0046
EPSS Percentile
64.5%
Details
Status
published
Products (2)
openbsd/openssh
3.7.1
openbsd/openssh
3.7.1p1
Published
Nov 17, 2003
Tracked Since
Feb 18, 2026