CVE-2002-0640 — Vulnetix

CVE-2002-0640 PUBLISHED CVSS 10 CRITICAL

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

EPSS 66.96% · 98.6th percentile

Risk Scores

CVSS 2.0

EPSS Score

66.96%

98.6th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
openbsd	openssh	1.2.2, 1.2.3, 2.1

Exploit Intelligence

839 (circl)
DSA-134 (circl)
RHSA-2002:127 (circl)
20020626 OpenSSH Security Advisory (adv.iss) (circl)
SuSE-SA:2002:024 (circl)
20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability (circl)
CA-2002-18 (circl)
20020627 How to reproduce OpenSSH Overflow. (circl)
RHSA-2002:131 (circl)
5093 (circl)

…and 10 more exploits

Timeline

Jul 3, 2002 CVE Published
Feb 4, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 27, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Mar 7, 2023 EPSS Score
May 26, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Oct 31, 2023 EPSS Score
Dec 22, 2023 EPSS Score
Feb 13, 2024 EPSS Score

References

839 vdb
DSA-134 vendor-advisory
RHSA-2002:127 vendor-advisory
20020626 OpenSSH Security Advisory (adv.iss) mailing-list
SuSE-SA:2002:024 vendor-advisory
20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability mailing-list
CA-2002-18 third-party-advisory
20020627 How to reproduce OpenSSH Overflow. mailing-list
RHSA-2002:131 vendor-advisory
5093 vdb
CSSA-2002-030.0 vendor-advisory
ESA-20020702-016 vendor-advisory
VU#369347 third-party-advisory
CLA-2002:502 vendor-advisory
HPSBUX0206-195 vendor-advisory
MDKSA-2002:040 vendor-advisory
20020626 Revised OpenSSH Security Advisory (adv.iss) mailing-list
[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2002-0640 advisory

Open in Interactive Console →