Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0083

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-0083
Last Modified 20 Nov 2008 12:00:00
Published 15 Mar 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0083

Summary

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Vulnerable Systems

Operating System

  • Conectiva Linux 5.0

  • Conectiva Linux 5.1

  • Conectiva Linux 6.0

  • Conectiva Linux 7.0

  • Conectiva Linux Ecommerce

  • Conectiva Linux Graficas

  • Engardelinux Secure Linux 1.0.1

  • Mandrakesoft Mandrake Linux 7.1

  • Mandrakesoft Mandrake Linux 7.2

  • Mandrakesoft Mandrake Linux 8.0

  • Mandrakesoft Mandrake Linux 8.1

  • Mandrakesoft Mandrake Linux Corporate Server 1.0.1

  • Redhat Linux 7.0

  • Redhat Linux 7.1

  • Redhat Linux 7.2

  • Suse Linux 6.4

  • Suse Linux 7.0

  • Suse Linux 7.1

  • Suse Linux 7.2

  • Suse Linux 7.3

  • Trustix Secure Linux 1.1

  • Trustix Secure Linux 1.2

  • Trustix Secure Linux 1.5

Application

  • Immunix 7.0

  • Mandrakesoft Mandrake Single Network Firewall 7.2

  • Openbsd Openssh 2.1

  • Openbsd Openssh 2.1.1

  • Openbsd Openssh 2.2

  • Openbsd Openssh 2.3

  • Openbsd Openssh 2.5

  • Openbsd Openssh 2.5.1

  • Openbsd Openssh 2.5.2

  • Openbsd Openssh 2.9

  • Openbsd Openssh 2.9.9

  • Openbsd Openssh 2.9p1

  • Openbsd Openssh 2.9p2

  • Openbsd Openssh 3.0.1

  • Openpkg 1.0


References

ENGARDE - ESA-20020307-007

BID - 4241

REDHAT - RHSA-2002:043

OSVDB - 730

CONFIRM - http://www.openbsd.org/advisories/ssh_channelalloc.txt

SUSE - SuSE-SA:2002:009

MANDRAKE - MDKSA-2002:019

XF - openssh-channel-error(8383)

DEBIAN - DSA-119

CALDERA - CSSA-2002-012.0

BUGTRAQ - 20020328 OpenSSH channel_lookup() off by one exploit

HP - HPSBTL0203-029

BUGTRAQ - 20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix

BUGTRAQ - 20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)

BUGTRAQ - 20020307 OpenSSH Security Advisory (adv.channelalloc)

BUGTRAQ - 20020307 [PINE-CERT-20020301] OpenSSH off-by-one

CONECTIVA - CLA-2002:467

VULNWATCH - 20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one

BUGTRAQ - 20020311 TSLSA-2002-0039 - openssh

CALDERA - CSSA-2002-SCO.11

CALDERA - CSSA-2002-SCO.10

NETBSD - NetBSD-SA2002-004

FREEBSD - FreeBSD-SA-02:13


Last Updated: 27 May 2016 10:36:46