One of the security tools has generated reports for our production system, which has RedHat Linux 2.1 installed on it.
The error in question is:
OpenSSH may be vulnerable CVE-2003-0693
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute
arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than
Till now I was trying to upgrade the openssh package to openssh-3.7. Now the only solution to this vulnerability is to upgrade
or apply a patch. Upgrading is creating N no. of dependencies... which we are reluctant to go ahead with.
Also, up2date requires a valid subscription to RedHat? Please comment on this.
A solution I have somehow found on the Internet:
Now the above patch needs to be applied (and my long-awaited problem can be resolved... at least I hope so).
But now the problem is how to apply it to the system? When I referred to this link, I found that it's some kind of C code.
How do I apply the above patch?
Can you help me in this case?