PT-2002-1073 · Openssh+2

Published: 2002-03-15 · Updated: 2024-07-08 · CVE-2002-0083

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenSSH versions 2.0 through 3.0.2
openssh-askpass-3.1p1
openssh-askpass-gnome-3.1p1
openssh-clients-3.1p1
openssh-server-3.1p1
openssh-3.1p1

Description

The issue is related to an off-by-one error in the channel code of OpenSSH, allowing local users or remote malicious servers to gain privileges. Multiple vulnerabilities in the openssh package of Red Hat Linux can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations

For OpenSSH versions 2.0 through 3.0.2, update to a version later than 3.0.2 to resolve the issue.
For openssh-askpass-3.1p1, consider disabling the package until a patch is available.
For openssh-askpass-gnome-3.1p1, restrict access to the package to minimize the risk of exploitation.
For openssh-clients-3.1p1, avoid using the package for remote connections until the issue is resolved.
For openssh-server-3.1p1, restrict access to the server to minimize the risk of exploitation.
For openssh-3.1p1, consider disabling the package until a patch is available.

Exploit

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2015-08184
BDU:2015-08187
BDU:2015-08190
BDU:2015-08193
BDU:2015-08196
CVE-2002-0083

Affected Products

Alt Linux
Openssh
Red Hat