CVE-2002-0083 — CRITICAL (9.8)

Q: What is CVE-2002-0083?

CVE-2002-0083 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Q: How severe is CVE-2002-0083?

CVE-2002-0083 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2002-0083?

Check the references section above for vendor advisories and patch information. Affected products include: Immunix Immunix, Mandrakesoft Mandrake Single Network Firewall, Openbsd Openssh, Openpkg Openpkg, Conectiva Linux.

Vulnerability Description

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Immunix	Immunix	7.0
Mandrakesoft	Mandrake Single Network Firewall	7.2
Openbsd	Openssh	>= 2.0, < 3.1
Openpkg	Openpkg	1.0
Conectiva	Linux	5.0
Engardelinux	Secure Linux	1.0.1
Mandrakesoft	Mandrake Linux	7.1
Mandrakesoft	Mandrake Linux Corporate Server	1.0.1
Redhat	Linux	7.0
Suse	Suse Linux	6.4
Trustix	Secure Linux	1.1

Related Weaknesses (CWE)

CWE-193

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.ascBroken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.ascBroken Link
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.1Broken Link
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.htmlBroken Link
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.htmlBroken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467Broken Link
http://marc.info/?l=bugtraq&m=101552065005254&w=2Mailing List
http://marc.info/?l=bugtraq&m=101553908201861&w=2Mailing List
http://marc.info/?l=bugtraq&m=101561384821761&w=2Mailing List
http://marc.info/?l=bugtraq&m=101586991827622&w=2Mailing ListPatch
http://online.securityfocus.com/advisories/3960Broken LinkThird Party AdvisoryVDB Entry
http://online.securityfocus.com/archive/1/264657Broken LinkThird Party AdvisoryVDB Entry
http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txtBroken Link
http://www.debian.org/security/2002/dsa-119Broken LinkVendor Advisory

FAQ

What is CVE-2002-0083?

CVE-2002-0083 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

How severe is CVE-2002-0083?

CVE-2002-0083 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2002-0083?

Check the references section above for vendor advisories and patch information. Affected products include: Immunix Immunix, Mandrakesoft Mandrake Single Network Firewall, Openbsd Openssh, Openpkg Openpkg, Conectiva Linux.