CVE-2002-0639

CRITICAL

9.8

Description

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie7/3/2002

Derniere modification4/16/2026

Sourcenvd

Observations honeypot0

Produits affectes

openbsd:openssh

Faiblesses (CWE)

CWE-190

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt(cve@mitre.org)

http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html(cve@mitre.org)

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502(cve@mitre.org)

http://marc.info/?l=bugtraq&m=102514371522793&w=2(cve@mitre.org)

http://marc.info/?l=bugtraq&m=102514631524575&w=2(cve@mitre.org)

http://marc.info/?l=bugtraq&m=102521542826833&w=2(cve@mitre.org)

http://www.cert.org/advisories/CA-2002-18.html(cve@mitre.org)

http://www.debian.org/security/2002/dsa-134(cve@mitre.org)

http://www.iss.net/security_center/static/9169.php(cve@mitre.org)

http://www.kb.cert.org/vuls/id/369347(cve@mitre.org)

http://www.linuxsecurity.com/advisories/other_advisory-2177.html(cve@mitre.org)

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040(cve@mitre.org)

http://www.osvdb.org/6245(cve@mitre.org)

http://www.securityfocus.com/bid/5093(cve@mitre.org)

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195(cve@mitre.org)

https://twitter.com/RooneyMcNibNug/status/1152332585349111810(cve@mitre.org)

https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html(cve@mitre.org)

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt(af854a3a-2127-422b-91ae-364da2661108)

http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html(af854a3a-2127-422b-91ae-364da2661108)

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502(af854a3a-2127-422b-91ae-364da2661108)

http://marc.info/?l=bugtraq&m=102514371522793&w=2(af854a3a-2127-422b-91ae-364da2661108)

http://marc.info/?l=bugtraq&m=102514631524575&w=2(af854a3a-2127-422b-91ae-364da2661108)

http://marc.info/?l=bugtraq&m=102521542826833&w=2(af854a3a-2127-422b-91ae-364da2661108)

http://www.cert.org/advisories/CA-2002-18.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2002/dsa-134(af854a3a-2127-422b-91ae-364da2661108)

http://www.iss.net/security_center/static/9169.php(af854a3a-2127-422b-91ae-364da2661108)

http://www.kb.cert.org/vuls/id/369347(af854a3a-2127-422b-91ae-364da2661108)

http://www.linuxsecurity.com/advisories/other_advisory-2177.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040(af854a3a-2127-422b-91ae-364da2661108)

http://www.osvdb.org/6245(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/5093(af854a3a-2127-422b-91ae-364da2661108)

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195(af854a3a-2127-422b-91ae-364da2661108)

https://twitter.com/RooneyMcNibNug/status/1152332585349111810(af854a3a-2127-422b-91ae-364da2661108)

https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.