VDB
CVE-2002-0639
CVE-2002-0639
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
EPSS 33.71% · 97.0th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
33.71%
97.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openbsd | openssh | 2.9.9 |
| n/a | n/a | * |
Timeline
- Jul 3, 2002 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
- Jan 29, 2024 EPSS Score
- Feb 9, 2024 EPSS Score
References
- DSA-134 vendor-advisory
- openssh-challenge-response-bo(9169) vdb
- 20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh) mailing-list
- 20020626 OpenSSH Security Advisory (adv.iss) mailing-list
- 6245 vdb
- CA-2002-18 third-party-advisory
- 20020627 How to reproduce OpenSSH Overflow. mailing-list
- 5093 vdb
- CSSA-2002-030.0 vendor-advisory
- ESA-20020702-016 vendor-advisory
- VU#369347 third-party-advisory
- CLA-2002:502 vendor-advisory
- HPSBUX0206-195 vendor-advisory
- MDKSA-2002:040 vendor-advisory
- 20020626 Revised OpenSSH Security Advisory (adv.iss) mailing-list
- 20020626 OpenSSH Remote Challenge Vulnerability third-party-advisory
- https://twitter.com/RooneyMcNibNug/status/1152332585349111810 url
- https://nvd.nist.gov/vuln/detail/CVE-2002-0639 advisory