Vulnerability Name: CVE-2002-1359 (CCN-10870)
Assigned: 2002-12-16
Published: 2002-12-16
Updated: 2017-10-11
Summary: Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVSS v3 Severity:
10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:
Source: VULNWATCH Type: Vendor Advisory 20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
Source: MITRE Type: CNA CVE-2002-1359
Source: CCN Type: SECTRACK ID: 1005812 F-Secure SSH Client and Server SSH2 Implementation Bugs Allow Only Limited Remote Denial of Service Issues
Source: SECTRACK Type: UNKNOWN 1005812
Source: CCN Type: SECTRACK ID: 1005813 SSH Communications SSH Client and Server SSH2 Implementation Bugs Allow Only Limited Denial of Service
Source: SECTRACK Type: UNKNOWN 1005813
Source: CCN Type: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations
Source: CERT Type: Third Party Advisory, US Government Resource CA-2002-36
Source: CCN Type: PuTTY Web site PuTTY Download Page
Source: CCN Type: CIAC Information Bulletin N-028 Vulnerabilities in SSH2 Implementations from Multiple Vendors
Source: CCN Type: Cisco Systems Inc. Security Advisory, 2002 December 19th 23:00 GMT SSH Malformed Packet Vulnerabilities
Source: CCN Type: OSVDB ID: 8044 Multiple Vendor SSH2 Server/Client Large Field Overflows
Source: CCN Type: Pragma Systems Web site Pragma SecureShell Updates
Source: CCN Type: Rapid 7, Inc. Security Advisory R7-0009 Vulnerabilities in SSH2 Implementations from Multiple Vendors
Source: CCN Type: SecureNetTerm Web site Downloads - InterSoft International, Inc.
Source: CCN Type: BID-6397 Multiple Vendor SSH2 Implementation Vulnerabilities
Source: BID Type: UNKNOWN 6407
Source: CCN Type: BID-6407 Multiple Vendor SSH2 Implementation Buffer Overflow Vulnerabilities
Source: XF Type: UNKNOWN ssh-transport-multiple-bo(10870)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5848
Source: CCN Type: Rapid7 Vulnerability and Exploit Database PuTTY Buffer Overflow
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable