CVE-2002-0083

Current Description

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Basic Data

PublishedMarch 15, 2002
Last ModifiedOctober 18, 2016
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-189
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationImmunixImmunix7.0*******
    2.3ApplicationMandrakesoftMandrake Single Network Firewall7.2*******
    2.3ApplicationOpenbsdOpenssh2.1*******
    2.3ApplicationOpenbsdOpenssh2.1.1*******
    2.3ApplicationOpenbsdOpenssh2.2*******
    2.3ApplicationOpenbsdOpenssh2.3*******
    2.3ApplicationOpenbsdOpenssh2.5*******
    2.3ApplicationOpenbsdOpenssh2.5.1*******
    2.3ApplicationOpenbsdOpenssh2.5.2*******
    2.3ApplicationOpenbsdOpenssh2.9*******
    2.3ApplicationOpenbsdOpenssh2.9.9*******
    2.3ApplicationOpenbsdOpenssh2.9p1*******
    2.3ApplicationOpenbsdOpenssh2.9p2*******
    2.3ApplicationOpenbsdOpenssh3.0.1*******
    2.3ApplicationOpenpkgOpenpkg1.0*******
    2.3OSConectivaLinux5.0*******
    2.3OSConectivaLinux5.1*******
    2.3OSConectivaLinux6.0*******
    2.3OSConectivaLinux7.0*******
    2.3OSConectivaLinuxecommerce*******
    2.3OSConectivaLinuxgraficas*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSEngardelinuxSecure Linux1.0.1*******
    2.3OSMandrakesoftMandrake Linux7.1*******
    2.3OSMandrakesoftMandrake Linux7.2*******
    2.3OSMandrakesoftMandrake Linux8.0*******
    2.3OSMandrakesoftMandrake Linux8.0*ppc*****
    2.3OSMandrakesoftMandrake Linux8.1*******
    2.3OSMandrakesoftMandrake Linux Corporate Server1.0.1*******
    2.3OSRedhatLinux7.0*******
    2.3OSRedhatLinux7.1*******
    2.3OSRedhatLinux7.2*******
    2.3OSSuseSuse Linux6.4*i386*****
    2.3OSSuseSuse Linux6.4*ppc*****
    2.3OSSuseSuse Linux6.4alpha******
    2.3OSSuseSuse Linux7.0*i386*****
    2.3OSSuseSuse Linux7.0*ppc*****
    2.3OSSuseSuse Linux7.0*sparc*****
    2.3OSSuseSuse Linux7.0alpha******
    2.3OSSuseSuse Linux7.1*spa*****
    2.3OSSuseSuse Linux7.1*sparc*****
    2.3OSSuseSuse Linux7.1*x86*****
    2.3OSSuseSuse Linux7.1alpha******
    2.3OSSuseSuse Linux7.2*i386*****
    2.3OSSuseSuse Linux7.3*i386*****
    2.3OSSuseSuse Linux7.3*ppc*****
    2.3OSSuseSuse Linux7.3*sparc*****
    2.3OSTrustixSecure Linux1.1*******
    2.3OSTrustixSecure Linux1.2*******
    2.3OSTrustixSecure Linux1.5*******

Vulnerable Software List

VendorProductVersions
Engardelinux Secure Linux 1.0.1
Immunix Immunix 7.0
Openbsd Openssh 2.1, 2.1.1, 2.2, 2.3, 2.5, 2.5.1, 2.5.2, 2.9, 2.9.9, 2.9p1, 2.9p2, 3.0.1
Openpkg Openpkg 1.0
Redhat Linux 7.0, 7.1, 7.2
Conectiva Linux 5.0, 5.1, 6.0, 7.0, ecommerce, graficas
Mandrakesoft Mandrake Linux 7.1, 7.2, 8.0, 8.1
Mandrakesoft Mandrake Linux Corporate Server 1.0.1
Mandrakesoft Mandrake Single Network Firewall 7.2
Trustix Secure Linux 1.1, 1.2, 1.5
Suse Suse Linux 6.4, 7.0, 7.1, 7.2, 7.3

References

NameSourceURLTags
FreeBSD-SA-02:13ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.ascFREEBSD
NetBSD-SA2002-004ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.ascNETBSD
CSSA-2002-SCO.10ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txtCALDERA
CSSA-2002-SCO.11ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txtCALDERA
20020311 TSLSA-2002-0039 - opensshhttp://archives.neohapsis.com/archives/bugtraq/2002-03/0108.htmlBUGTRAQ
20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-onehttp://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.htmlVULNWATCH
CLA-2002:467http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467CONECTIVA
20020307 [PINE-CERT-20020301] OpenSSH off-by-onehttp://marc.info/?l=bugtraq&m=101552065005254&w=2BUGTRAQ
20020307 OpenSSH Security Advisory (adv.channelalloc)http://marc.info/?l=bugtraq&m=101553908201861&w=2BUGTRAQ
20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)http://marc.info/?l=bugtraq&m=101561384821761&w=2BUGTRAQ
20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fixhttp://marc.info/?l=bugtraq&m=101586991827622&w=2BUGTRAQ
HPSBTL0203-029http://online.securityfocus.com/advisories/3960HP
20020328 OpenSSH channel_lookup() off by one exploithttp://online.securityfocus.com/archive/1/264657BUGTRAQ
CSSA-2002-012.0http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txtCALDERA
DSA-119http://www.debian.org/security/2002/dsa-119DEBIANVendor Advisory
openssh-channel-error(8383)http://www.iss.net/security_center/static/8383.phpXF
MDKSA-2002:019http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.phpMANDRAKE
ESA-20020307-007http://www.linuxsecurity.com/advisories/other_advisory-1937.htmlENGARDEPatch Vendor Advisory
SuSE-SA:2002:009http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.htmlSUSE
http://www.openbsd.org/advisories/ssh_channelalloc.txthttp://www.openbsd.org/advisories/ssh_channelalloc.txtCONFIRM
730http://www.osvdb.org/730OSVDB
RHSA-2002:043http://www.redhat.com/support/errata/RHSA-2002-043.htmlREDHAT
4241http://www.securityfocus.com/bid/4241BID