ID

VAR-200203-0011


CVE

CVE-2002-0083


TITLE

OpenSSH contains a one-off overflow of an array in the channel handling code

Trust: 0.8

sources: CERT/CC: VU#408419

DESCRIPTION

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. OpenSSH is a program used to provide secure connections and communications between clients and servers. Channels are used to segregate differing traffic between the client and the server. OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris, and other UNIX-like operating systems. A vulnerability has been announced in some versions of OpenSSH. A malicious client may exploit this vulnerability by connecting to a vulnerable server. Valid credentials are believed to be required, since the exploitable condition reportedly occurs after successful authentication. An examination of the code suggests this, but it has not been confirmed by the maintainer. Administrators should assume that this can be exploited without authentication and should patch vulnerable versions immediately. OpenSSH encrypts and transmits all network communications, thereby avoiding attacks at many network layers, and is a very useful network connection tool. A user with a legitimate login account can use this vulnerability to obtain root privileges on the host. To implement X11, TCP and proxy forwarding, OpenSSH multiplexes multiple "channels" on a single TCP connection. The program may mistakenly use memory outside the normal range, and an attacker with a legitimate login account can, after logging in to the system, exploit this vulnerability to make sshd execute arbitrary commands with root privileges.

Trust: 2.7

sources: NVD: CVE-2002-0083 // CERT/CC: VU#408419 // JVNDB: JVNDB-2002-000054 // BID: 4241 // VULHUB: VHN-4478

AFFECTED PRODUCTS

vendor: redhat | model: linux | scope: eq | version: 7.1

Trust: 1.6

vendor: conectiva | model: linux | scope: eq | version: ecommerce

Trust: 1.0

vendor: openbsd | model: openssh | scope: gte | version: 2.0

Trust: 1.0

vendor: conectiva | model: linux | scope: eq | version: 5.1

Trust: 1.0

vendor: redhat | model: linux | scope: eq | version: 7.2

Trust: 1.0

vendor: mandrakesoft | model: mandrake linux | scope: eq | version: 7.2

Trust: 1.0

vendor: immunix | model: immunix | scope: eq | version: 7.0

Trust: 1.0

vendor: mandrakesoft | model: mandrake linux | scope: eq | version: 8.0

Trust: 1.0

vendor: suse | model: linux | scope: eq | version: 7.2

Trust: 1.0

vendor: trustix | model: secure linux | scope: eq | version: 1.2

Trust: 1.0

vendor: conectiva | model: linux | scope: eq | version: 7.0

Trust: 1.0

vendor: trustix | model: secure linux | scope: eq | version: 1.1

Trust: 1.0

vendor: mandrakesoft | model: mandrake linux corporate server | scope: eq | version: 1.0.1

Trust: 1.0

vendor: openpkg | model: openpkg | scope: eq | version: 1.0

Trust: 1.0

vendor: mandrakesoft | model: mandrake linux | scope: eq | version: 7.1

Trust: 1.0

vendor: conectiva | model: linux | scope: eq | version: 5.0

Trust: 1.0

vendor: engardelinux | model: secure linux | scope: eq | version: 1.0.1

Trust: 1.0

vendor: conectiva | model: linux | scope: eq | version: 6.0

Trust: 1.0

vendor: mandrakesoft | model: mandrake linux | scope: eq | version: 8.1

Trust: 1.0

vendor: openbsd | model: openssh | scope: lt | version: 3.1

Trust: 1.0

vendor: trustix | model: secure linux | scope: eq | version: 1.5

Trust: 1.0

vendor: mandrakesoft | model: mandrake single network firewall | scope: eq | version: 7.2

Trust: 1.0

vendor: redhat | model: linux | scope: eq | version: 7.0

Trust: 1.0

vendor: conectiva | model: linux | scope: eq | version: graficas

Trust: 1.0

vendor: suse | model: linux | scope: eq | version: 7.1

Trust: 1.0

vendor: suse | model: linux | scope: eq | version: 7.3

Trust: 1.0

vendor: suse | model: linux | scope: eq | version: 6.4

Trust: 1.0

vendor: suse | model: linux | scope: eq | version: 7.0

Trust: 1.0

vendor: apple | model: - | scope: - | version: -

Trust: 0.8

vendor: bsdi | model: - | scope: - | version: -

Trust: 0.8

vendor: caldera | model: - | scope: - | version: -

Trust: 0.8

vendor: conectiva | model: - | scope: - | version: -

Trust: 0.8

vendor: engarde | model: - | scope: - | version: -

Trust: 0.8

vendor: hewlett packard | model: - | scope: - | version: -

Trust: 0.8

vendor: mandrakesoft | model: - | scope: - | version: -

Trust: 0.8

vendor: netbsd | model: - | scope: - | version: -

Trust: 0.8

vendor: openbsd | model: - | scope: - | version: -

Trust: 0.8

vendor: openpkg | model: - | scope: - | version: -

Trust: 0.8

vendor: openssh | model: - | scope: - | version: -

Trust: 0.8

vendor: openwall gnu linux | model: - | scope: - | version: -

Trust: 0.8

vendor: red hat | model: - | scope: - | version: -

Trust: 0.8

vendor: sco | model: - | scope: - | version: -

Trust: 0.8

vendor: suse | model: - | scope: - | version: -

Trust: 0.8

vendor: sun | model: - | scope: - | version: -

Trust: 0.8

vendor: trustix | model: - | scope: - | version: -

Trust: 0.8

vendor: Hewlett-Packard | model: hp-ux | scope: - | version: -

Trust: 0.8

vendor: Red Hat | model: red hat linux | scope: eq | version: 7.0

Trust: 0.8

vendor: Red Hat | model: red hat linux | scope: eq | version: 7.2

Trust: 0.8

vendor: Red Hat | model: red hat linux | scope: eq | version: 7.1

Trust: 0.8

vendor: openbsd | model: openssh | scope: - | version: -

Trust: 0.8

vendor: openssh | model: p1 | scope: eq | version: 3.0.2

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 3.0.2

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 3.0.1

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 2.9.9

Trust: 0.3

vendor: openssh | model: p2 | scope: eq | version: 2.9

Trust: 0.3

vendor: openssh | model: p1 | scope: eq | version: 2.9

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 2.9

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 2.5.2

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 2.5.1

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 2.5

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 2.3

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 2.2

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 2.1.1

Trust: 0.3

vendor: openssh | model: openssh | scope: eq | version: 2.1

Trust: 0.3

vendor: openbsd | model: openbsd | scope: eq | version: 2.8

Trust: 0.3

vendor: openssh | model: openssh | scope: ne | version: 3.1

Trust: 0.3

sources: CERT/CC: VU#408419 // BID: 4241 // JVNDB: JVNDB-2002-000054 // CNNVD: CNNVD-200203-034 // NVD: CVE-2002-0083

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0083
value: CRITICAL

Trust: 1.0

CARNEGIE MELLON: VU#408419
value: 25.65

Trust: 0.8

NVD: CVE-2002-0083
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-200203-034
value: CRITICAL

Trust: 0.6

VULHUB: VHN-4478
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-0083
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-4478
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2002-0083
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2002-0083
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CERT/CC: VU#408419 // VULHUB: VHN-4478 // JVNDB: JVNDB-2002-000054 // CNNVD: CNNVD-200203-034 // NVD: CVE-2002-0083

PROBLEMTYPE DATA

problemtype:CWE-193

Trust: 1.0

problemtype: Determination of boundary conditions (CWE-193) [NVD evaluation]

Trust: 0.8

problemtype:CWE-189

Trust: 0.1

sources: VULHUB: VHN-4478 // JVNDB: JVNDB-2002-000054 // NVD: CVE-2002-0083

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200203-034

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200203-034

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-4478

PATCH

title: 043 | url: http://www.openbsd.org/

Trust: 0.8

sources: JVNDB: JVNDB-2002-000054

EXTERNAL IDS

db: NVD | id: CVE-2002-0083

Trust: 3.6

db: BID | id: 4241

Trust: 3.0

db: CERT/CC | id: VU#408419

Trust: 1.6

db: OSVDB | id: 730

Trust: 1.1

db: JVNDB | id: JVNDB-2002-000054

Trust: 0.8

db: CNNVD | id: CNNVD-200203-034

Trust: 0.7

db: EXPLOIT-DB | id: 21314

Trust: 0.1

db: SEEBUG | id: SSVID-75148

Trust: 0.1

db: VULHUB | id: VHN-4478

Trust: 0.1

sources: CERT/CC: VU#408419 // VULHUB: VHN-4478 // BID: 4241 // JVNDB: JVNDB-2002-000054 // CNNVD: CNNVD-200203-034 // NVD: CVE-2002-0083

REFERENCES

url:http://www.openbsd.org/advisories/ssh_channelalloc.txt

Trust: 1.9

url:http://www.securityfocus.com/bid/4241

Trust: 1.9

url:http://marc.info/?l=bugtraq&m=101553908201861&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=101552065005254&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=101561384821761&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=101586991827622&w=2

Trust: 1.1

url:http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html

Trust: 1.1

url:http://online.securityfocus.com/archive/1/264657

Trust: 1.1

url:http://www.calderasystems.com/support/security/advisories/cssa-2002-012.0.txt

Trust: 1.1

url:ftp://stage.caldera.com/pub/security/openserver/cssa-2002-sco.10/cssa-2002-sco.10.txt

Trust: 1.1

url:ftp://stage.caldera.com/pub/security/openunix/cssa-2002-sco.11/cssa-2002-sco.11.txt

Trust: 1.1

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467

Trust: 1.1

url:http://www.debian.org/security/2002/dsa-119

Trust: 1.1

url:http://www.linuxsecurity.com/advisories/other_advisory-1937.html

Trust: 1.1

url:ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:13.openssh.asc

Trust: 1.1

url:http://online.securityfocus.com/advisories/3960

Trust: 1.1

url:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-019.php

Trust: 1.1

url:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2002-004.txt.asc

Trust: 1.1

url:http://www.osvdb.org/730

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2002-043.html

Trust: 1.1

url:http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html

Trust: 1.1

url:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html

Trust: 1.1

url:http://www.iss.net/security_center/static/8383.php

Trust: 1.1

url:http://www.pine.nl/advisories/pine-cert-20020301.txt

Trust: 0.8

url:http://online.securityfocus.com/bid/4241

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0083

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/408419

Trust: 0.8

url:http://support.coresecurity.com/impact/exploits/44711fd6971e717073942524961d8e3e.html

Trust: 0.3

sources: CERT/CC: VU#408419 // VULHUB: VHN-4478 // BID: 4241 // JVNDB: JVNDB-2002-000054 // NVD: CVE-2002-0083

CREDITS

Joost Pol, joost@pine.nl

Trust: 0.6

sources: CNNVD: CNNVD-200203-034

SOURCES

db: CERT/CC | id: VU#408419
db: VULHUB | id: VHN-4478
db: BID | id: 4241
db: JVNDB | id: JVNDB-2002-000054
db: CNNVD | id: CNNVD-200203-034
db: NVD | id: CVE-2002-0083

LAST UPDATE DATE

2024-08-14T15:09:58.648000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#408419 | date: 2002-04-02T00:00:00
db: VULHUB | id: VHN-4478 | date: 2016-10-18T00:00:00
db: BID | id: 4241 | date: 2007-11-05T15:25:00
db: JVNDB | id: JVNDB-2002-000054 | date: 2024-02-26T07:51:00
db: CNNVD | id: CNNVD-200203-034 | date: 2006-09-15T00:00:00
db: NVD | id: CVE-2002-0083 | date: 2024-02-02T02:52:51.803

SOURCES RELEASE DATE

db: CERT/CC | id: VU#408419 | date: 2002-03-07T00:00:00
db: VULHUB | id: VHN-4478 | date: 2002-03-15T00:00:00
db: BID | id: 4241 | date: 2002-03-07T00:00:00
db: JVNDB | id: JVNDB-2002-000054 | date: 2007-04-01T00:00:00
db: CNNVD | id: CNNVD-200203-034 | date: 2002-03-15T00:00:00
db: NVD | id: CVE-2002-0083 | date: 2002-03-15T05:00:00