10

CVE-2002-0083

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImmunixImmunix Version7.0
OpenbsdOpenssh Version >= 2.0 < 3.1
OpenpkgOpenpkg Version1.0
ConectivaLinux Version5.0
ConectivaLinux Version5.1
ConectivaLinux Version6.0
ConectivaLinux Version7.0
ConectivaLinux Versionecommerce
ConectivaLinux Versiongraficas
EngardelinuxSecure Linux Version1.0.1
MandrakesoftMandrake Linux Version7.1
MandrakesoftMandrake Linux Version7.2
MandrakesoftMandrake Linux Version8.0
MandrakesoftMandrake Linux Version8.0 Editionppc
MandrakesoftMandrake Linux Version8.1
RedhatLinux Version7.0
RedhatLinux Version7.1
RedhatLinux Version7.2
SuseSuse Linux Version6.4 Editioni386
SuseSuse Linux Version6.4 Editionppc
SuseSuse Linux Version6.4 Updatealpha
SuseSuse Linux Version7.0 Editioni386
SuseSuse Linux Version7.0 Editionppc
SuseSuse Linux Version7.0 Editionsparc
SuseSuse Linux Version7.0 Updatealpha
SuseSuse Linux Version7.1 Editionspa
SuseSuse Linux Version7.1 Editionsparc
SuseSuse Linux Version7.1 Editionx86
SuseSuse Linux Version7.1 Updatealpha
SuseSuse Linux Version7.2 Editioni386
SuseSuse Linux Version7.3 Editioni386
SuseSuse Linux Version7.3 Editionppc
SuseSuse Linux Version7.3 Editionsparc
TrustixSecure Linux Version1.1
TrustixSecure Linux Version1.2
TrustixSecure Linux Version1.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.8% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
Broken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
Broken Link
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt
Broken Link
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt
Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html
Broken Link
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html
Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
Broken Link
http://marc.info/?l=bugtraq&m=101552065005254&w=2
Mailing List
http://marc.info/?l=bugtraq&m=101553908201861&w=2
Mailing List
http://marc.info/?l=bugtraq&m=101561384821761&w=2
Mailing List
http://marc.info/?l=bugtraq&m=101586991827622&w=2
Patch
Mailing List
http://online.securityfocus.com/advisories/3960
Third Party Advisory
Broken Link
VDB Entry
http://online.securityfocus.com/archive/1/264657
Third Party Advisory
Broken Link
VDB Entry
http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt
Broken Link
http://www.debian.org/security/2002/dsa-119
Vendor Advisory
Broken Link
http://www.iss.net/security_center/static/8383.php
Broken Link
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php
Broken Link
http://www.linuxsecurity.com/advisories/other_advisory-1937.html
Patch
Vendor Advisory
Broken Link
http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html
Broken Link
http://www.openbsd.org/advisories/ssh_channelalloc.txt
Vendor Advisory
http://www.osvdb.org/730
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-043.html
Broken Link
http://www.securityfocus.com/bid/4241
Third Party Advisory
Broken Link
VDB Entry