CVE-2002-0640

Name of the Vulnerable Software and Affected Versions OpenSSH versions 2.3.1 through 3.3 openssh-askpass-3.1p1 openssh-askpass-gnome-3.1p1 openssh-clients-3.1p1 openssh-server-3.1p1 openssh-3.1p1

Description The issue concerns multiple vulnerabilities in OpenSSH, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The exploitation may involve a buffer overflow in sshd during challenge response authentication when using PAM modules with interactive keyboard authentication.

Recommendations For OpenSSH versions 2.3.1 through 3.3, consider updating to a version outside of this range to mitigate the risk. For openssh-askpass-3.1p1, openssh-askpass-gnome-3.1p1, openssh-clients-3.1p1, openssh-server-3.1p1, and openssh-3.1p1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.