Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2002-0639
Last Modified: 10 Sep 2008 03:12:37
Published: 03 Jul 2002 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0639

Summary

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Vulnerable Systems

Application

  • Openbsd Openssh 1.2.2

  • Openbsd Openssh 1.2.3

  • Openbsd Openssh 2.1

  • Openbsd Openssh 2.1.1

  • Openbsd Openssh 2.2

  • Openbsd Openssh 2.3

  • Openbsd Openssh 2.5

  • Openbsd Openssh 2.5.1

  • Openbsd Openssh 2.5.2

  • Openbsd Openssh 2.9

  • Openbsd Openssh 2.9.9

  • Openbsd Openssh 2.9p1

  • Openbsd Openssh 2.9p2

  • Openbsd Openssh 3.0

  • Openbsd Openssh 3.0.1

  • Openbsd Openssh 3.0.1p1

  • Openbsd Openssh 3.0.2

  • Openbsd Openssh 3.0.2p1

  • Openbsd Openssh 3.0p1

  • Openbsd Openssh 3.1

  • Openbsd Openssh 3.1p1

  • Openbsd Openssh 3.2

  • Openbsd Openssh 3.2.2p1

  • Openbsd Openssh 3.2.3p1

  • Openbsd Openssh 3.3

  • Openbsd Openssh 3.3p1


References

CERT-VN - VU#369347

CERT - CA-2002-18

HP - HPSBUX0206-195

BID - 5093

OSVDB - 6245

MANDRAKE - MDKSA-2002:040

ENGARDE - ESA-20020702-016

XF - openssh-challenge-response-bo(9169)

DEBIAN - DSA-134

BUGTRAQ - 20020627 How to reproduce OpenSSH Overflow.

BUGTRAQ - 20020626 Revised OpenSSH Security Advisory (adv.iss)

BUGTRAQ - 20020626 OpenSSH Security Advisory (adv.iss)

CONECTIVA - CLA-2002:502

BUGTRAQ - 20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)

CALDERA - CSSA-2002-030.0


Last Updated: 27 May 2016 10:37:00