CVE-2002-0575

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

OpenBSD OpenSSH

First reported 22 years ago

2002-06-18 04:00:00

Last updated 8 years ago

2016-10-18 02:20:00

Affected Software

OpenBSD OpenSSH 2.1

2.1

OpenBSD OpenSSH 2.1.1

2.1.1

OpenBSD OpenSSH 2.2

2.2

OpenBSD OpenSSH 2.3

2.3

OpenBSD OpenSSH 2.5

2.5

OpenBSD OpenSSH 2.5.1

2.5.1

OpenBSD OpenSSH 2.5.2

2.5.2

OpenBSD OpenSSH 2.9

2.9

OpenBSD OpenSSH 2.9.9

2.9.9

OpenBSD OpenSSH 2.9 p1

2.9p1

OpenBSD OpenSSH 2.9 p2

2.9p2

OpenBSD OpenSSH 3.0

3.0

OpenBSD OpenSSH 3.0.1

3.0.1

OpenBSD OpenSSH 3.0.2

3.0.2

OpenBSD OpenSSH 3.1

3.1

OpenBSD OpenSSH 3.2

3.2

References

CSSA-2002-022.2

20020420 OpenSSH Security Advisory (adv.token)

20020429 TSLSA-2002-0047 - openssh

Patch, Vendor Advisory

20020517 OpenSSH 3.2.2 released (fwd)

20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow

20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow

20020426 Revised OpenSSH Security Advisory (adv.token)

openssh-sshd-kerberos-bo(8896)

Patch, Vendor Advisory

781

4560

Exploit, Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.