TROYANOSYVIRUS
Back to CVEs

CVE-2002-0639

CRITICAL
9.8

Description

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/3/2002
Last Modified4/16/2026
Sourcenvd
Honeypot Sightings0

Affected Products

openbsd:openssh

Weaknesses (CWE)

CWE-190

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt(cve@mitre.org)
http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html(cve@mitre.org)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502(cve@mitre.org)
http://marc.info/?l=bugtraq&m=102514371522793&w=2(cve@mitre.org)
http://marc.info/?l=bugtraq&m=102514631524575&w=2(cve@mitre.org)
http://marc.info/?l=bugtraq&m=102521542826833&w=2(cve@mitre.org)
http://www.cert.org/advisories/CA-2002-18.html(cve@mitre.org)
http://www.debian.org/security/2002/dsa-134(cve@mitre.org)
http://www.iss.net/security_center/static/9169.php(cve@mitre.org)
http://www.kb.cert.org/vuls/id/369347(cve@mitre.org)
http://www.linuxsecurity.com/advisories/other_advisory-2177.html(cve@mitre.org)
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040(cve@mitre.org)
http://www.osvdb.org/6245(cve@mitre.org)
http://www.securityfocus.com/bid/5093(cve@mitre.org)
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195(cve@mitre.org)
https://twitter.com/RooneyMcNibNug/status/1152332585349111810(cve@mitre.org)
https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html(cve@mitre.org)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt(af854a3a-2127-422b-91ae-364da2661108)
http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html(af854a3a-2127-422b-91ae-364da2661108)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=102514371522793&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=102514631524575&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=102521542826833&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.cert.org/advisories/CA-2002-18.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2002/dsa-134(af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/security_center/static/9169.php(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/369347(af854a3a-2127-422b-91ae-364da2661108)
http://www.linuxsecurity.com/advisories/other_advisory-2177.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/6245(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/5093(af854a3a-2127-422b-91ae-364da2661108)
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195(af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/RooneyMcNibNug/status/1152332585349111810(af854a3a-2127-422b-91ae-364da2661108)
https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.