ID CVE-2002-1715Type cveReporter NVDModified 2017-07-10T21:29:21
Description
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.
{"id": "CVE-2002-1715", "bulletinFamily": "NVD", "title": "CVE-2002-1715", "description": "SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.", "published": "2002-12-31T00:00:00", "modified": "2017-07-10T21:29:21", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1715", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/8908", "http://www.securityfocus.com/bid/4547"], "cvelist": ["CVE-2002-1715"], "type": "cve", "lastseen": "2017-07-11T11:14:12", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:ssh:ssh:1.2.3", "cpe:/a:ssh:ssh:1.2.21", "cpe:/a:ssh:ssh2:2.0.8", "cpe:/a:ssh:ssh:1.2.20", "cpe:/a:ssh:ssh:1.2.23", "cpe:/a:ssh:ssh2:2.0.5", "cpe:/a:ssh:ssh2:2.0.1", "cpe:/a:ssh:ssh:1.2.22", "cpe:/a:ssh:ssh2:2.0.10", "cpe:/a:ssh:ssh:1.2.28", "cpe:/a:ssh:ssh:1.2.8", "cpe:/a:ssh:ssh:1.2.12", "cpe:/a:ssh:ssh:1.2.6", "cpe:/a:ssh:ssh:1.2.25", "cpe:/a:ssh:ssh:1.2.11", "cpe:/a:ssh:ssh2:2.2", "cpe:/a:ssh:ssh2:2.1", "cpe:/a:ssh:ssh:1.2.19", "cpe:/a:ssh:ssh:1.2.24", "cpe:/a:ssh:ssh:1.2.31", "cpe:/a:ssh:ssh:1.2.26", "cpe:/a:ssh:ssh2:2.0.3", "cpe:/a:ssh:ssh:1.2.2", "cpe:/a:ssh:ssh2:2.0.12", "cpe:/a:ssh:ssh:1.2.5", "cpe:/a:ssh:ssh2:2.0.4", "cpe:/a:ssh:ssh:1.2.1", "cpe:/a:ssh:ssh2:3.0", "cpe:/a:ssh:ssh:1.2.27", "cpe:/a:ssh:ssh2:2.5", "cpe:/a:ssh:ssh2:2.3", "cpe:/a:ssh:ssh2:2.0.7", "cpe:/a:ssh:ssh2:2.0.9", "cpe:/a:ssh:ssh:1.2.13", "cpe:/a:ssh:ssh:1.2.29", "cpe:/a:ssh:ssh:1.2.15", "cpe:/a:ssh:ssh:1.2.17", "cpe:/a:ssh:ssh:1.2.16", "cpe:/a:ssh:ssh:1.2.10", "cpe:/a:ssh:ssh2:2.0.13", "cpe:/a:ssh:ssh:1.2.0", "cpe:/a:ssh:ssh2:2.4", "cpe:/a:ssh:ssh2:2.0.11", "cpe:/a:ssh:ssh:1.2.18", "cpe:/a:ssh:ssh:1.2.9", "cpe:/a:ssh:ssh:1.2.30", "cpe:/a:ssh:ssh:1.2.4", "cpe:/a:ssh:ssh:1.2.7", "cpe:/a:ssh:ssh2:2.0.2", "cpe:/a:ssh:ssh:1.2.14", "cpe:/a:ssh:ssh2:2.0.6", "cpe:/a:ssh:ssh2:2.0"], "cvelist": ["CVE-2002-1715"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.", "edition": 1, "enchantments": {}, "hash": "f03e484692214158345d35de29d65d7dc14ed4b581b98b2dd193b1d5a8dabe4a", "hashmap": [{"hash": "4210437f4530fbb070718c019cf42b8d", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "fa8f175a7bffc00ed9a46e7e15a7daa8", "key": "modified"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "1241ea068b9c79ed62c0d053757135f0", "key": "description"}, {"hash": "583a14ee9813368adc131b41d1a4b64b", "key": "references"}, {"hash": "d197061c46fbc4f431a41ab37ad34e95", "key": "cvelist"}, {"hash": "16bd6e4853bc7bf6e8f842668d2e9c94", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "5a2353c589f14c36fcf6561b7e801ad1", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "acc4130deae029fcb579f5daed93f172", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1715", "id": "CVE-2002-1715", "lastseen": "2016-09-03T03:41:43", "modified": "2008-09-05T16:31:19", "objectVersion": "1.2", "published": "2002-12-31T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/8908", "http://www.securityfocus.com/bid/4547"], "reporter": "NVD", "scanner": [], "title": "CVE-2002-1715", "type": "cve", "viewCount": 2}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T03:41:43"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "5a2353c589f14c36fcf6561b7e801ad1"}, {"key": "cvelist", "hash": "d197061c46fbc4f431a41ab37ad34e95"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "1241ea068b9c79ed62c0d053757135f0"}, {"key": "href", "hash": "16bd6e4853bc7bf6e8f842668d2e9c94"}, {"key": "modified", "hash": "8e4203d2ce73dd1e8eeed2cf180d7d55"}, {"key": "published", "hash": "acc4130deae029fcb579f5daed93f172"}, {"key": "references", "hash": "5e4b0f8239efb063ddc1616ad64de44f"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "4210437f4530fbb070718c019cf42b8d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "1827af1b3b1a47cdf89c7ac213753bf6c90cbfd9914b03c526f86d13d33274ac", "viewCount": 2, "enchantments": {"vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:ssh:ssh:1.2.3", "cpe:/a:ssh:ssh:1.2.21", "cpe:/a:ssh:ssh2:2.0.8", "cpe:/a:ssh:ssh:1.2.20", "cpe:/a:ssh:ssh:1.2.23", "cpe:/a:ssh:ssh2:2.0.5", "cpe:/a:ssh:ssh2:2.0.1", "cpe:/a:ssh:ssh:1.2.22", "cpe:/a:ssh:ssh2:2.0.10", "cpe:/a:ssh:ssh:1.2.28", "cpe:/a:ssh:ssh:1.2.8", "cpe:/a:ssh:ssh:1.2.12", "cpe:/a:ssh:ssh:1.2.6", "cpe:/a:ssh:ssh:1.2.25", "cpe:/a:ssh:ssh:1.2.11", "cpe:/a:ssh:ssh2:2.2", "cpe:/a:ssh:ssh2:2.1", "cpe:/a:ssh:ssh:1.2.19", "cpe:/a:ssh:ssh:1.2.24", "cpe:/a:ssh:ssh:1.2.31", "cpe:/a:ssh:ssh:1.2.26", "cpe:/a:ssh:ssh2:2.0.3", "cpe:/a:ssh:ssh:1.2.2", "cpe:/a:ssh:ssh2:2.0.12", "cpe:/a:ssh:ssh:1.2.5", "cpe:/a:ssh:ssh2:2.0.4", "cpe:/a:ssh:ssh:1.2.1", "cpe:/a:ssh:ssh2:3.0", "cpe:/a:ssh:ssh:1.2.27", "cpe:/a:ssh:ssh2:2.5", "cpe:/a:ssh:ssh2:2.3", "cpe:/a:ssh:ssh2:2.0.7", "cpe:/a:ssh:ssh2:2.0.9", "cpe:/a:ssh:ssh:1.2.13", "cpe:/a:ssh:ssh:1.2.29", "cpe:/a:ssh:ssh:1.2.15", "cpe:/a:ssh:ssh:1.2.17", "cpe:/a:ssh:ssh:1.2.16", "cpe:/a:ssh:ssh:1.2.10", "cpe:/a:ssh:ssh2:2.0.13", "cpe:/a:ssh:ssh:1.2.0", "cpe:/a:ssh:ssh2:2.4", "cpe:/a:ssh:ssh2:2.0.11", "cpe:/a:ssh:ssh:1.2.18", "cpe:/a:ssh:ssh:1.2.9", "cpe:/a:ssh:ssh:1.2.30", "cpe:/a:ssh:ssh:1.2.4", "cpe:/a:ssh:ssh:1.2.7", "cpe:/a:ssh:ssh2:2.0.2", "cpe:/a:ssh:ssh:1.2.14", "cpe:/a:ssh:ssh2:2.0.6", "cpe:/a:ssh:ssh2:2.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"exploitdb": [{"id": "EDB-ID:21398", "type": "exploitdb", "title": "SSH2 3.0 Restricted Shell Escaping Command Execution Vulnerability", "description": "SSH2 3.0 Restricted Shell Escaping Command Execution Vulnerability. CVE-2002-1715. Local exploit for linux platform", "published": "2002-04-18T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/21398/", "cvelist": ["CVE-2002-1715"], "lastseen": "2016-02-02T16:23:05"}], "osvdb": [{"id": "OSVDB:23589", "type": "osvdb", "title": "SSH Directory Permission Weakness Restricted Shell Bypass", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0245.html\nISS X-Force ID: 8908\n[CVE-2002-1715](https://vulners.com/cve/CVE-2002-1715)\nBugtraq ID: 4547\n", "published": "2002-04-18T22:23:20", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:23589", "cvelist": ["CVE-2002-1715"], "lastseen": "2017-04-28T13:20:20"}]}}
