OpenSSH < 3.1 Channel Code Off by One Remote Privilege Escalation

critical Nessus Plugin ID 10883

Synopsis

Arbitrary code may be run on the remote host.

Description

You are running a version of OpenSSH which is older than 3.1.

Versions prior to 3.1 are vulnerable to an off-by-one error that allows local users to gain root access, and it may be possible for remote users to similarly compromise the daemon for remote access.

In addition, a vulnerable SSH client may be compromised by connecting to a malicious SSH daemon that exploits this vulnerability in the client code, thus compromising the client system.

Solution

Upgrade to OpenSSH 3.1 or apply the patch for prior versions. (See: http://www.openssh.org)

Plugin Details

Severity: Critical

ID: 10883

File Name: openssh_channel.nasl

Version: 1.26

Type: remote

Published: 3/7/2002

Updated: 3/27/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: installed_sw/OpenSSH

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/7/2002

Exploitable With

Core Impact

Reference Information

CVE: CVE-2002-0083

BID: 4241

CWE: 189