The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.Referenceshttp://www.openssh.com/txt/sshpam.advhttp://www.securityfocus.com/bid/8677http://www.kb.cert.org/vuls/id/209807http://www.securityfocus.com/archive/1/338617http://www.securityfocus.com/archive/1/338616http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
