Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0575

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0575
Last Modified 05 Sep 2008 04:28:23
Published 18 Jun 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0575

Summary

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

Vulnerable Systems

Application

  • Openbsd Openssh 2.1

  • Openbsd Openssh 2.1.1

  • Openbsd Openssh 2.2

  • Openbsd Openssh 2.3

  • Openbsd Openssh 2.5

  • Openbsd Openssh 2.5.1

  • Openbsd Openssh 2.5.2

  • Openbsd Openssh 2.9

  • Openbsd Openssh 2.9.9

  • Openbsd Openssh 2.9p1

  • Openbsd Openssh 2.9p2

  • Openbsd Openssh 3.0

  • Openbsd Openssh 3.0.1

  • Openbsd Openssh 3.0.2

  • Openbsd Openssh 3.1

  • Openbsd Openssh 3.2


References

BID - 4560

XF - openssh-sshd-kerberos-bo(8896)

BUGTRAQ - 20020429 TSLSA-2002-0047 - openssh

OSVDB - 781

BUGTRAQ - 20020426 Revised OpenSSH Security Advisory (adv.token)

BUGTRAQ - 20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow

BUGTRAQ - 20020517 OpenSSH 3.2.2 released (fwd)

BUGTRAQ - 20020420 OpenSSH Security Advisory (adv.token)

CALDERA - CSSA-2002-022.2


Last Updated: 27 May 2016 10:36:59