PT-2002-1074 · Openssh+1 · Openssh+1

Published

2002-07-03

Updated

2024-07-08

CVE-2002-0640

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenSSH versions 2.3.1 through 3.3 openssh-askpass-3.1p1 openssh-askpass-gnome-3.1p1 openssh-clients-3.1p1 openssh-server-3.1p1 openssh-3.1p1

Description The issue concerns multiple vulnerabilities in OpenSSH, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The exploitation may involve a buffer overflow in sshd during challenge response authentication when using PAM modules with interactive keyboard authentication.

Recommendations For OpenSSH versions 2.3.1 through 3.3, consider updating to a version outside of this range to mitigate the risk. For openssh-askpass-3.1p1, openssh-askpass-gnome-3.1p1, openssh-clients-3.1p1, openssh-server-3.1p1, and openssh-3.1p1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

ALT-PU-2024-3921

ALT-PU-2024-4077

ALT-PU-2024-4467

ALT-PU-2024-9513

BDU:2015-08184

BDU:2015-08187

BDU:2015-08190

BDU:2015-08193

BDU:2015-08196

CVE-2002-0640

Affected Products

Alt Linux

Openssh

PT-2002-1074 · Openssh+1 · Openssh+1

CVE-2002-0640

Weakness Enumeration

Related Identifiers

Affected Products

References · 371