CVE-2003-0826

Currently unrated

Key Information:

Vendor: Gnu
Status: Lsh
Vendor: CVE Published:; 6 October 2003

Summary

lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2003-S...

mailing-listx_refsource_FULLDISC

http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000...

x_refsource_CONFIRM

http://bugs.debian.org/211662

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 6, 2003
Vulnerability Reserved
Sep 19, 2003