Published: 03/07/2002 Updated: 08/02/2024

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Integer overflow in sshd in OpenSSH 2.9.9 up to and including 3.3 allows remote malicious users to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openbsd openssh

ISS X-Force released an advisory about an OpenSSH "Remote Challenge Vulnerability" Unfortunately, the advisory was incorrect on some points, leading to widespread confusion about the impact of this vulnerability No version of OpenSSH in Debian is affected by the SKEY and BSD_AUTH authentication methods described in the ISS advisory However, Debi ...

CWE-190 http://www.kb.cert.org/vuls/id/369347 http://www.cert.org/advisories/CA-2002-18.html http://www.debian.org/security/2002/dsa-134 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502 http://www.linuxsecurity.com/advisories/other_advisory-2177.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040 http://www.securityfocus.com/bid/5093 http://www.iss.net/security_center/static/9169.php http://www.osvdb.org/6245 http://marc.info/?l=bugtraq&m=102514371522793&w=2 http://marc.info/?l=bugtraq&m=102514631524575&w=2 http://marc.info/?l=bugtraq&m=102521542826833&w=2 https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html https://twitter.com/RooneyMcNibNug/status/1152332585349111810 https://nvd.nist.gov https://www.debian.org/security/./dsa-134 https://www.kb.cert.org/vuls/id/369347

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2002-0639

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect