{"vuid":"VU#408419","idnumber":"408419","name":"OpenSSH contains a one-off overflow of an array in the channel handling code","keywords":["OpenSSH","privilege escalation"],"overview":"OpenSSH is a program used to provide secure connection and communications between client and servers. Channels are used to segregate differing traffic between the client and the server.","clean_desc":"OpenSSH versions 2.0 - 3.0.2 contain a one-off overflow of an array in the code that handles channels. For an attack against the server, the attacker must be able to authenticate to the system in order to exploit this vulnerability. For an attack against the client, the client must connect to a malicious server.","impact":"An attacker is able to execute arbitrary code with the privileges of the sshd process on the server. The sshd process usually runs as root/superuser. A malicious server is able to execute arbitrary code on the vulnerable client's machine with the privileges of the current user.","resolution":"Upgrade to OpenSSH version 3.1.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Joost Pol <joost@pine.nl>.","author":"This document was written by Jason Rafail.","public":["http://www.openbsd.org/advisories/ssh_channelalloc.txt","http://www.pine.nl/advisories/pine-cert-20020301.txt","http://online.securityfocus.com/bid/4241"],"cveids":["CVE-2002-0083"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-03-07T15:12:17Z","publicdate":"2002-03-07T00:00:00Z","datefirstpublished":"2002-03-07T16:52:25Z","dateupdated":"2002-04-02T16:23:15Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"25.65","cam_scorecurrentwidelyknown":"28.0546875","cam_scorecurrentwidelyknownexploited":"44.0859375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":25.65,"vulnote":null}