Vulnerability CVE-2002-1715 - CERT Civis.Net

Vulnerability Name:

CVE-2002-1715 (CCN-8908)

Assigned:

2002-04-18

Published:

2002-04-18

Updated:

2017-07-11

Summary:

SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: BugTraq Mailing List, Thu Apr 18 2002 - 16:12:23 CDT
Restricted Shells

Source: MITRE
Type: CNA
CVE-2002-1715

Source: BUGTRAQ
Type: UNKNOWN
20020418 Restricted Shells

Source: CCN
Type: OSVDB ID: 23589
SSH Directory Permission Weakness Restricted Shell Bypass

Source: BID
Type: Exploit
4547

Source: CCN
Type: BID-4547
SSH Restricted Shell Escaping Command Execution Vulnerability

Source: XF
Type: UNKNOWN
ssh-bypass-restricted-shells(8908)

Source: XF
Type: UNKNOWN
ssh-bypass-restricted-shells(8908)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ssh:ssh:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.12:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.13:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.14:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.15:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.16:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.17:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.18:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.19:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.20:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.21:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.22:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.23:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.24:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.25:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.26:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.27:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.28:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.29:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.30:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh:1.2.31:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.6:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.7:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.8:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.9:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.10:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.11:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.12:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.0.13:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.1:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.2:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.3:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.4:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:2.5:*:*:*:*:*:*:*

OR cpe:/a:ssh:ssh2:3.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ssh:ssh:*:*:*:*:*:*:*:*

Denotes that component is vulnerable