CVE-2002-0083

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2002-0083
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc Broken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc Broken Link
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt Broken Link
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html Broken Link
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467 Broken Link
http://marc.info/?l=bugtraq&m=101552065005254&w=2 Mailing List
http://marc.info/?l=bugtraq&m=101553908201861&w=2 Mailing List
http://marc.info/?l=bugtraq&m=101561384821761&w=2 Mailing List
http://marc.info/?l=bugtraq&m=101586991827622&w=2 Mailing List Patch
http://online.securityfocus.com/advisories/3960 Broken Link Third Party Advisory VDB Entry
http://online.securityfocus.com/archive/1/264657 Broken Link Third Party Advisory VDB Entry
http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt Broken Link
http://www.debian.org/security/2002/dsa-119 Broken Link Vendor Advisory
http://www.iss.net/security_center/static/8383.php Broken Link
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php Broken Link
http://www.linuxsecurity.com/advisories/other_advisory-1937.html Broken Link Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html Broken Link
http://www.openbsd.org/advisories/ssh_channelalloc.txt Vendor Advisory
http://www.osvdb.org/730 Broken Link
http://www.redhat.com/support/errata/RHSA-2002-043.html Broken Link
http://www.securityfocus.com/bid/4241 Broken Link Third Party Advisory VDB Entry
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc Broken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc Broken Link
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt Broken Link
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html Broken Link
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467 Broken Link
http://marc.info/?l=bugtraq&m=101552065005254&w=2 Mailing List
http://marc.info/?l=bugtraq&m=101553908201861&w=2 Mailing List
http://marc.info/?l=bugtraq&m=101561384821761&w=2 Mailing List
http://marc.info/?l=bugtraq&m=101586991827622&w=2 Mailing List Patch
http://online.securityfocus.com/advisories/3960 Broken Link Third Party Advisory VDB Entry
http://online.securityfocus.com/archive/1/264657 Broken Link Third Party Advisory VDB Entry
http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt Broken Link
http://www.debian.org/security/2002/dsa-119 Broken Link Vendor Advisory
http://www.iss.net/security_center/static/8383.php Broken Link
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php Broken Link
http://www.linuxsecurity.com/advisories/other_advisory-1937.html Broken Link Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html Broken Link
http://www.openbsd.org/advisories/ssh_channelalloc.txt Vendor Advisory
http://www.osvdb.org/730 Broken Link
http://www.redhat.com/support/errata/RHSA-2002-043.html Broken Link
http://www.securityfocus.com/bid/4241 Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:immunix:immunix:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:ecommerce:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:graficas:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:engardelinux:secure_linux:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
History

20 Nov 2024, 23:38

Type Values Removed Values Added
References () ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc - Broken Link () ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc - Broken Link
References () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc - Broken Link () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc - Broken Link
References () ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt - Broken Link () ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt - Broken Link
References () ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt - Broken Link () ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt - Broken Link
References () http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html - Broken Link () http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html - Broken Link
References () http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html - Broken Link () http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html - Broken Link
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467 - Broken Link () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467 - Broken Link
References () http://marc.info/?l=bugtraq&m=101552065005254&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=101552065005254&w=2 - Mailing List
References () http://marc.info/?l=bugtraq&m=101553908201861&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=101553908201861&w=2 - Mailing List
References () http://marc.info/?l=bugtraq&m=101561384821761&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=101561384821761&w=2 - Mailing List
References () http://marc.info/?l=bugtraq&m=101586991827622&w=2 - Mailing List, Patch () http://marc.info/?l=bugtraq&m=101586991827622&w=2 - Mailing List, Patch
References () http://online.securityfocus.com/advisories/3960 - Broken Link, Third Party Advisory, VDB Entry () http://online.securityfocus.com/advisories/3960 - Broken Link, Third Party Advisory, VDB Entry
References () http://online.securityfocus.com/archive/1/264657 - Broken Link, Third Party Advisory, VDB Entry () http://online.securityfocus.com/archive/1/264657 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt - Broken Link () http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt - Broken Link
References () http://www.debian.org/security/2002/dsa-119 - Broken Link, Vendor Advisory () http://www.debian.org/security/2002/dsa-119 - Broken Link, Vendor Advisory
References () http://www.iss.net/security_center/static/8383.php - Broken Link () http://www.iss.net/security_center/static/8383.php - Broken Link
References () http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php - Broken Link () http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php - Broken Link
References () http://www.linuxsecurity.com/advisories/other_advisory-1937.html - Broken Link, Patch, Vendor Advisory () http://www.linuxsecurity.com/advisories/other_advisory-1937.html - Broken Link, Patch, Vendor Advisory
References () http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html - Broken Link () http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html - Broken Link
References () http://www.openbsd.org/advisories/ssh_channelalloc.txt - Vendor Advisory () http://www.openbsd.org/advisories/ssh_channelalloc.txt - Vendor Advisory
References () http://www.osvdb.org/730 - Broken Link () http://www.osvdb.org/730 - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2002-043.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2002-043.html - Broken Link
References () http://www.securityfocus.com/bid/4241 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/4241 - Broken Link, Third Party Advisory, VDB Entry

02 Feb 2024, 02:52

Type Values Removed Values Added
CWE CWE-189 CWE-193
CPE cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*		 cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
CVSS v2 : 10.0
v3 : unknown 		v2 : 10.0
v3 : 9.8
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=101586991827622&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=101586991827622&w=2 - Mailing List, Patch
References (MANDRAKE) http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php - (MANDRAKE) http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-043.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-043.html - Broken Link
References (SUSE) http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html - (SUSE) http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html - Broken Link
References (CONFIRM) http://www.openbsd.org/advisories/ssh_channelalloc.txt - (CONFIRM) http://www.openbsd.org/advisories/ssh_channelalloc.txt - Vendor Advisory
References (ENGARDE) http://www.linuxsecurity.com/advisories/other_advisory-1937.html - Patch, Vendor Advisory (ENGARDE) http://www.linuxsecurity.com/advisories/other_advisory-1937.html - Broken Link, Patch, Vendor Advisory
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=101553908201861&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=101553908201861&w=2 - Mailing List
References (DEBIAN) http://www.debian.org/security/2002/dsa-119 - Vendor Advisory (DEBIAN) http://www.debian.org/security/2002/dsa-119 - Broken Link, Vendor Advisory
References (BUGTRAQ) http://online.securityfocus.com/archive/1/264657 - (BUGTRAQ) http://online.securityfocus.com/archive/1/264657 - Broken Link, Third Party Advisory, VDB Entry
References (NETBSD) ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc - (NETBSD) ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc - Broken Link
References (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html - (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html - Broken Link
References (CALDERA) ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt - (CALDERA) ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt - Broken Link
References (OSVDB) http://www.osvdb.org/730 - (OSVDB) http://www.osvdb.org/730 - Broken Link
References (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467 - (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467 - Broken Link
References (FREEBSD) ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc - (FREEBSD) ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc - Broken Link
References (XF) http://www.iss.net/security_center/static/8383.php - (XF) http://www.iss.net/security_center/static/8383.php - Broken Link
References (BID) http://www.securityfocus.com/bid/4241 - (BID) http://www.securityfocus.com/bid/4241 - Broken Link, Third Party Advisory, VDB Entry
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=101561384821761&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=101561384821761&w=2 - Mailing List
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=101552065005254&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=101552065005254&w=2 - Mailing List
References (HP) http://online.securityfocus.com/advisories/3960 - (HP) http://online.securityfocus.com/advisories/3960 - Broken Link, Third Party Advisory, VDB Entry
References (CALDERA) ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt - (CALDERA) ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt - Broken Link
References (VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html - (VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html - Broken Link
References (CALDERA) http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt - (CALDERA) http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt - Broken Link
Information

Published : 2002-03-15 05:00

Updated : 2024-11-20 23:38

NVD link : CVE-2002-0083

Mitre link : CVE-2002-0083

CVE.ORG link : CVE-2002-0083

JSON object : View

Products Affected

openbsd

  • openssh

mandrakesoft

  • mandrake_single_network_firewall
  • mandrake_linux
  • mandrake_linux_corporate_server

trustix

  • secure_linux

openpkg

  • openpkg

immunix

  • immunix

redhat

  • linux

engardelinux

  • secure_linux

suse

  • suse_linux

conectiva

  • linux
CWE
CWE-193

Off-by-one Error


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024