10

CVE-2002-0639

Exploit
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenssh Version >= 2.9.9 <= 3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.43% 0.969
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Broken Link
http://marc.info/?l=bugtraq&m=102514371522793&w=2
Exploit
Mailing List
http://marc.info/?l=bugtraq&m=102514631524575&w=2
Exploit
Mailing List
http://marc.info/?l=bugtraq&m=102521542826833&w=2
Exploit
Mailing List
http://www.cert.org/advisories/CA-2002-18.html
Third Party Advisory
US Government Resource
http://www.debian.org/security/2002/dsa-134
Broken Link
http://www.iss.net/security_center/static/9169.php
Broken Link
http://www.kb.cert.org/vuls/id/369347
Third Party Advisory
US Government Resource
http://www.linuxsecurity.com/advisories/other_advisory-2177.html
Broken Link
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
Broken Link
http://www.osvdb.org/6245
Broken Link
http://www.securityfocus.com/bid/5093
Third Party Advisory
Broken Link
VDB Entry
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195
Broken Link
https://twitter.com/RooneyMcNibNug/status/1152332585349111810
Broken Link
https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html
Third Party Advisory