OpenSSH Channel Code Off by 1

Published: 2005-11-03 13:08:04
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Recommendations:
Upgrade to OpenSSH 3.1 or apply the patch for prior versions.

Summary:
You are running a version of OpenSSH which is older than 3.1.

Technical Details:
Versions prior than 3.1 are vulnerable to an off by one error that allows local users to gain root access, and it may be possible for remote users to similarly compromise the daemon for remote access. In addition, a vulnerable SSH client may be compromised by connecting to a malicious SSH daemon that exploits this vulnerability in the client code, thus compromising the client system.

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2002-0083

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/4241

Search
Severity
High
CVSS Score
10.0

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.