Test ID:	1.3.6.1.4.1.25623.1.0.10883
Category:	Gain a shell remotely
Title:	OpenSSH Channel Code Off by 1
Summary:	You are running a version of OpenSSH which is older than 3.1.
Description:	Summary: You are running a version of OpenSSH which is older than 3.1. Vulnerability Insight: Versions prior than 3.1 are vulnerable to an off by one error that allows local users to gain root access, and it may be possible for remote users to similarly compromise the daemon for remote access. In addition, a vulnerable SSH client may be compromised by connecting to a malicious SSH daemon that exploits this vulnerability in the client code, thus compromising the client system. Solution: Upgrade to OpenSSH 3.1 or apply the patch for prior versions. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0083 BugTraq ID: 4241 http://www.securityfocus.com/bid/4241 Bugtraq: 20020307 OpenSSH Security Advisory (adv.channelalloc) (Google Search) http://marc.info/?l=bugtraq&m=101553908201861&w=2 Bugtraq: 20020307 [PINE-CERT-20020301] OpenSSH off-by-one (Google Search) http://marc.info/?l=bugtraq&m=101552065005254&w=2 Bugtraq: 20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh) (Google Search) http://marc.info/?l=bugtraq&m=101561384821761&w=2 Bugtraq: 20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix (Google Search) http://marc.info/?l=bugtraq&m=101586991827622&w=2 Bugtraq: 20020311 TSLSA-2002-0039 - openssh (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html Bugtraq: 20020328 OpenSSH channel_lookup() off by one exploit (Google Search) http://online.securityfocus.com/archive/1/264657 Caldera Security Advisory: CSSA-2002-012.0 http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt Caldera Security Advisory: CSSA-2002-SCO.10 ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt Caldera Security Advisory: CSSA-2002-SCO.11 ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt Conectiva Linux advisory: CLA-2002:467 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467 Debian Security Information: DSA-119 (Google Search) http://www.debian.org/security/2002/dsa-119 En Garde Linux Advisory: ESA-20020307-007 http://www.linuxsecurity.com/advisories/other_advisory-1937.html FreeBSD Security Advisory: FreeBSD-SA-02:13 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc HPdes Security Advisory: HPSBTL0203-029 http://online.securityfocus.com/advisories/3960 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php NETBSD Security Advisory: NetBSD-SA2002-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc http://www.osvdb.org/730 http://www.redhat.com/support/errata/RHSA-2002-043.html SuSE Security Announcement: SuSE-SA:2002:009 (Google Search) http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html http://www.iss.net/security_center/static/8383.php
Copyright	Copyright (C) 2002 Thomas Reinke

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.