Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2002-0640
Last Modified: 10 Sep 2008 03:12:37
Published: 03 Jul 2002 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0640

Summary

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

Vulnerable Systems

Application

  • OpenBSD OpenSSH 1.2.2
  • OpenBSD OpenSSH 1.2.3
  • OpenBSD OpenSSH 2.1
  • OpenBSD OpenSSH 2.1.1
  • OpenBSD OpenSSH 2.2
  • OpenBSD OpenSSH 2.3
  • OpenBSD OpenSSH 2.5
  • OpenBSD OpenSSH 2.5.1
  • OpenBSD OpenSSH 2.5.2
  • OpenBSD OpenSSH 2.9
  • OpenBSD OpenSSH 2.9.9
  • OpenBSD OpenSSH 2.9p1
  • OpenBSD OpenSSH 2.9p2
  • OpenBSD OpenSSH 3.0
  • OpenBSD OpenSSH 3.0.1
  • OpenBSD OpenSSH 3.0.1p1
  • OpenBSD OpenSSH 3.0.2
  • OpenBSD OpenSSH 3.0.2p1
  • OpenBSD OpenSSH 3.0p1
  • OpenBSD OpenSSH 3.1
  • OpenBSD OpenSSH 3.1p1
  • OpenBSD OpenSSH 3.2
  • OpenBSD OpenSSH 3.2.2p1
  • OpenBSD OpenSSH 3.2.3p1
  • OpenBSD OpenSSH 3.3
  • OpenBSD OpenSSH 3.3p1


References

CERT-VN - VU#369347

CERT - CA-2002-18

HP - HPSBUX0206-195

BID - 5093

REDHAT - RHSA-2002:131

REDHAT - RHSA-2002:127

OSVDB - 839

SUSE - SuSE-SA:2002:024

MANDRAKE - MDKSA-2002:040

ENGARDE - ESA-20020702-016

DEBIAN - DSA-134

BUGTRAQ - 20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability

BUGTRAQ - 20020627 How to reproduce OpenSSH Overflow.

BUGTRAQ - 20020626 Revised OpenSSH Security Advisory (adv.iss)

BUGTRAQ - 20020626 OpenSSH Security Advisory (adv.iss)

CONECTIVA - CLA-2002:502

CALDERA - CSSA-2002-030.0


Last Updated: 27 May 2016 10:37:00