Mandrake Linux Security Advisory : openssh (MDKSA-2002:019)

Critical Nessus Plugin ID 13927


The remote Mandrake Linux host is missing one or more security updates.


Joost Pol found a bug in the channel code of all versions of OpenSSH from 2.0 to 3.0.2. This bug can allow authenticated users with an existing account on the vulnerable system to obtain root privilege or by a malicious server attacking a vulnerable client. OpenSSH 3.1 is not vulnerable to this problem. The provided packages fix this vulnerability.


Update the affected packages.

See Also

Plugin Details

Severity: Critical

ID: 13927

File Name: mandrake_MDKSA-2002-019.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:openssh, p-cpe:/a:mandriva:linux:openssh-askpass, p-cpe:/a:mandriva:linux:openssh-askpass-gnome, p-cpe:/a:mandriva:linux:openssh-clients, p-cpe:/a:mandriva:linux:openssh-server, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2002/03/07

Exploitable With

Core Impact

Reference Information

CVE: CVE-2002-0083

MDKSA: 2002:019

CWE: 189