CVE Details for CVE: CVE-2002-0639
Summary
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
| Timestamps | |
|---|---|
| Last major update | 18-10-2016 - 02:20 |
| Published | 03-07-2002 - 04:00 |
| Last modified | 18-10-2016 - 02:20 |
References
- http://www.kb.cert.org/vuls/id/369347
- http://www.cert.org/advisories/CA-2002-18.html
- http://www.debian.org/security/2002/dsa-134
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
- http://www.linuxsecurity.com/advisories/other_advisory-2177.html
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
- http://www.securityfocus.com/bid/5093
- http://www.iss.net/security_center/static/9169.php
- http://www.osvdb.org/6245
- http://marc.info/?l=bugtraq&m=102514371522793&w=2
- http://marc.info/?l=bugtraq&m=102514631524575&w=2
- http://marc.info/?l=bugtraq&m=102521542826833&w=2
- https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html
- https://twitter.com/RooneyMcNibNug/status/1152332585349111810
Vulnerable Configurations
-
cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
CWE
CVSS
Base
10.0
Impact
10.0
Exploitability
10.0
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| COMPLETE | COMPLETE | COMPLETE |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| bid | 5093 |
| bugtraq | |
| caldera | CSSA-2002-030.0 |
| cert | CA-2002-18 |
| cert-vn | VU#369347 |
| conectiva | CLA-2002:502 |
| debian | DSA-134 |
| engarde | ESA-20020702-016 |
| hp | HPSBUX0206-195 |
| iss | 20020626 OpenSSH Remote Challenge Vulnerability |
| mandrake | MDKSA-2002:040 |
| misc | https://twitter.com/RooneyMcNibNug/status/1152332585349111810 |
| netbsd | 2002-005 |
| osvdb | 6245 |
| xf | openssh-challenge-response-bo(9169) |
statements
via4