{"cve": [{"lastseen": "2021-02-02T05:19:07", "description": "SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.", "edition": 4, "cvss3": {}, "published": "2002-11-25T05:00:00", "title": "CVE-2002-1644", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1644"], "modified": "2017-07-11T01:29:00", "cpe": ["cpe:/a:ssh:ssh2:3.1", "cpe:/a:ssh:ssh2:3.2", "cpe:/a:ssh:ssh2:3.1.4", "cpe:/a:ssh:ssh2:2.2", "cpe:/a:ssh:ssh2:2.1", "cpe:/a:ssh:ssh2:3.1.2", "cpe:/a:ssh:ssh2:3.1.3", "cpe:/a:ssh:ssh2:3.1.1", "cpe:/a:ssh:ssh2:3.0.1", "cpe:/a:ssh:ssh2:3.0", "cpe:/a:ssh:ssh2:2.5", "cpe:/a:ssh:ssh2:2.3", "cpe:/a:ssh:ssh2:3.2.1", "cpe:/a:ssh:ssh2:2.0.13", "cpe:/a:ssh:ssh2:2.4"], "id": "CVE-2002-1644", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1644", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ssh:ssh2:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh2:2.4:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-04-01T06:24:45", "description": "According to its banner, the version of SSH Secure Shell running on\nthe remote host is between 2.0.13 and 3.2.1. There is a bug in such\nversions that may allow a non-interactive shell session, such as used\nin scripts, to obtain higher privileges due to a flaw in the way\nsetsid() is used.", "edition": 25, "published": "2002-11-25T00:00:00", "title": "SSH Secure Shell without PTY setsid() Function Privilege Escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-1644"], "modified": "2021-04-02T00:00:00", "cpe": [], "id": "SSH_SETSID.NASL", "href": "https://www.tenable.com/plugins/nessus/11169", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n#\n# Note: This is about SSH.com's SSH, not OpenSSH !!\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11169);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2002-1644\");\n script_bugtraq_id(6247);\n\n script_name(english:\"SSH Secure Shell without PTY setsid() Function Privilege Escalation\");\n script_summary(english:\"Checks for the remote SSH version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SSH server is affected by a privilege escalation\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of SSH Secure Shell running on\nthe remote host is between 2.0.13 and 3.2.1. There is a bug in such\nversions that may allow a non-interactive shell session, such as used\nin scripts, to obtain higher privileges due to a flaw in the way\nsetsid() is used.\");\n # http://web.archive.org/web/20021207091314/http://www.ssh.com/company/newsroom/article/286/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7fe1d74\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to SSH Secure Shell 3.1.5 / 3.2.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2002/11/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n script_dependencie(\"ssh_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_service(svc:\"ssh\", default:22, exit_on_fail:TRUE);\n\nbanner = get_kb_item_or_exit(\"SSH/banner/\"+port);\nbp_banner = tolower(get_backport_banner(banner:banner));\n\nif (\n !ereg(pattern:\"^ssh-[0-9]+\\.[0-9]+-[0-9]\", string:bp_banner) ||\n\n \"f-secure\" >< bp_banner ||\n \"tru64 unix\" >< bp_banner ||\n \"windows\" >< bp_banner\n) audit(AUDIT_NOT_LISTEN, \"SSH Secure Shell\", port);\n\ntype = get_kb_item(\"Host/OS/Type\");\nif (isnull(type) || type != \"general-purpose\") exit(0, \"The host's type is not general-purpose.\");\n\nitem = eregmatch(pattern:\"^ssh-[0-9]\\.[0-9]+-([0-9][^ ]+)\", string:banner);\nif (isnull(item)) exit(1, 'Failed to parse the banner from the SSH server listening on port ' + port + '.');\nversion = item[1];\n\nif (\n (\n ereg(pattern:\"^2\\..*$\", string:version) &&\n !ereg(pattern:\"^2\\.0\\.([0-9]|0[0-9]|1[0-2])([^0-9]|$)\", string:version)\n ) ||\n ereg(pattern:\"^3\\.(0\\..*|1\\.[0-4]|2\\.[0-1])([^0-9]|$)\", string:version)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.1.5 / 3.2.2' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"SSH\", port);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}]}