Lucene search

[email protected]CVE-2002-0639

HistoryJul 03, 2002 - 4:00 a.m.

CVE-2002-0639

2002-07-0304:00:00

CWE-190

[email protected]

web.nvd.nist.gov

208

cve-2002-0639

integer overflow

sshd

openssh

remote attackers

arbitrary code

challenge response authentication

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.287 Low

EPSS

Percentile

96.8%

JSON

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

CPENameOperatorVersion
openbsd:opensshopenbsd opensshle3.3

CPE	Name	Operator	Version
openbsd:openssh	openbsd openssh	le	3.3

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt

archives.neohapsis.com/archives/bugtraq/2002-06/0335.html

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502

marc.info/?l=bugtraq&m=102514371522793&w=2

marc.info/?l=bugtraq&m=102514631524575&w=2

marc.info/?l=bugtraq&m=102521542826833&w=2

www.cert.org/advisories/CA-2002-18.html

www.debian.org/security/2002/dsa-134

www.iss.net/security_center/static/9169.php

www.kb.cert.org/vuls/id/369347

www.linuxsecurity.com/advisories/other_advisory-2177.html

www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040

www.osvdb.org/6245

www.securityfocus.com/bid/5093

www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195

twitter.com/RooneyMcNibNug/status/1152332585349111810

web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.287 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2002-0639

cert1 debiancve1 nessus4 openvas2 cve1