Description
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- conectiva / linux7.0 – 7.0
- conectiva / linuxgraficas – graficas
- conectiva / linux6.0 – 6.0
- conectiva / linuxecommerce – ecommerce
- conectiva / linux5.0 – 5.0
- conectiva / linux5.1 – 5.1
- engardelinux / secure_linux1.0.1 – 1.0.1
- immunix / immunix7.0 – 7.0
- mandrakesoft / mandrake_linux7.2 – 7.2
- mandrakesoft / mandrake_linux8.1 – 8.1
- mandrakesoft / mandrake_linux8.0 – 8.0
- mandrakesoft / mandrake_linux7.1 – 7.1
- mandrakesoft / mandrake_linux8.0 – 8.0
- mandrakesoft / mandrake_linux_corporate_server1.0.1 – 1.0.1
- mandrakesoft / mandrake_single_network_firewall7.2 – 7.2
- OpenBSD / OpenSSH2.0 – 3.1
- openpkg / openpkg1.0 – 1.0
- RedHat / linux7.2 – 7.2
- RedHat / linux7.0 – 7.0
- RedHat / linux7.1 – 7.1
- SUSE / suse_linux6.4 – 6.4
- SUSE / suse_linux6.4 – 6.4
- SUSE / suse_linux6.4 – 6.4
- SUSE / suse_linux7.0 – 7.0
- SUSE / suse_linux7.0 – 7.0
- SUSE / suse_linux7.0 – 7.0
- SUSE / suse_linux7.0 – 7.0
- SUSE / suse_linux7.1 – 7.1
- SUSE / suse_linux7.1 – 7.1
- SUSE / suse_linux7.1 – 7.1
- SUSE / suse_linux7.1 – 7.1
- SUSE / suse_linux7.2 – 7.2
- SUSE / suse_linux7.3 – 7.3
- SUSE / suse_linux7.3 – 7.3
- SUSE / suse_linux7.3 – 7.3
- trustix / secure_linux1.1 – 1.1
- trustix / secure_linux1.2 – 1.2
- trustix / secure_linux1.5 – 1.5
References
- MISChttp://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html
- MISCftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt
- MISChttp://www.osvdb.org/730
- MISChttp://www.securityfocus.com/bid/4241
- MAILING_LISThttp://marc.info/?l=bugtraq&m=101561384821761&w=2
- MISCftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt
- VENDOR_ADVISORYhttp://online.securityfocus.com/advisories/3960
- VENDOR_ADVISORYhttp://www.debian.org/security/2002/dsa-119
- VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html
- VENDOR_ADVISORYhttp://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt
- MAILING_LISThttp://marc.info/?l=bugtraq&m=101586991827622&w=2
- VENDOR_ADVISORYhttp://www.linuxsecurity.com/advisories/other_advisory-1937.html
- MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
- VENDOR_ADVISORYftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
- VENDOR_ADVISORYftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
- MAILING_LISThttp://marc.info/?l=bugtraq&m=101553908201861&w=2
- MAILING_LISThttp://marc.info/?l=bugtraq&m=101552065005254&w=2
- MISChttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php
- MISChttp://www.redhat.com/support/errata/RHSA-2002-043.html
- MISChttp://www.iss.net/security_center/static/8383.php
- VENDOR_ADVISORYhttp://www.openbsd.org/advisories/ssh_channelalloc.txt
- MISChttp://online.securityfocus.com/archive/1/264657
- MISChttp://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html