CVE-2002-0639

CVSS 9.8 - CRITICAL
Description

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Affected Products
1
Vendor Product Version
openbsd openssh All versions
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-...
http://archives.neohapsis.com/archives/bugtraq/200...
http://distro.conectiva.com.br/atualizacoes/?id=a&...
http://marc.info/?l=bugtraq&m=102514371522793&w=2
http://marc.info/?l=bugtraq&m=102514631524575&w=2
http://marc.info/?l=bugtraq&m=102521542826833&w=2
http://www.cert.org/advisories/CA-2002-18.html
http://www.debian.org/security/2002/dsa-134
http://www.iss.net/security_center/static/9169.php
http://www.kb.cert.org/vuls/id/369347
http://www.linuxsecurity.com/advisories/other_advi...
http://www.mandrakesoft.com/security/advisories?na...
http://www.osvdb.org/6245
http://www.securityfocus.com/bid/5093
http://www1.itrc.hp.com/service/cki/docDisplay.do?...
https://twitter.com/RooneyMcNibNug/status/11523325...
https://web.archive.org/web/20080622172542/www.iss...
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-...
http://archives.neohapsis.com/archives/bugtraq/200...
http://distro.conectiva.com.br/atualizacoes/?id=a&...
Weakness Types
CWE-190
CVE Information
CVE ID:
CVE-2002-0639
Published:
2002-07-03
Modified:
2026-04-16
CVSS Score:
9.8
Severity:
CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
openbsd
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL