Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1644

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-1644
Last Modified 05 Sep 2008 04:31:09
Published 25 Nov 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1644

Summary

SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.

Vulnerable Systems

Application

  • Ssh2 2.0.13

  • Ssh2 2.1

  • Ssh2 2.2

  • Ssh2 2.3

  • Ssh2 2.4

  • Ssh2 2.5

  • Ssh2 3.0

  • Ssh2 3.0.1

  • Ssh2 3.1

  • Ssh2 3.1.1

  • Ssh2 3.1.2

  • Ssh2 3.1.3

  • Ssh2 3.1.4

  • Ssh2 3.2

  • Ssh2 3.2.1


References

CERT-VN - VU#740619

CONFIRM - http://www.ssh.com/company/newsroom/article/286/

BID - 6247

XF - ssh-setsid-privilege-elevation(10710)


Last Updated: 27 May 2016 10:37:26