OpenSSH Off-by-One Error Vulnerability

vendor:

OpenSSH

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: OpenSSH

Affected Version From: OpenSSH 2.9.9p2

Affected Version To: OpenSSH 3.4p1

Patch Exists: YES

Related CWE: CVE-2002-0639

CPE: a:openbsd:openssh

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: BSD, Linux, Solaris, and other UNIX-like operating systems

2002

OpenSSH Off-by-One Error Vulnerability

An off-by-one error occurs in the channel code of some versions of OpenSSH. A malicious client may exploit this vulnerability by connecting to a vulnerable server. Valid credentials are believed to be required, since the exploitable condition reportedly occurs after successful authentication.

Mitigation:

Administrators should patch vulnerable versions immediately.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4241/info

OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris, and other UNIX-like operating systems.

A vulnerability has been announced in some versions of OpenSSH. An off-by-one error occurs in the channel code. A malicious client may exploit this vulnerability by connecting to a vulnerable server. Valid credentials are believed to be required, since the exploitable condition reportedly occurs after successful authentication. An examination of the code suggests this, but it has not been confirmed by the maintainer.

Administrators should assume that this can be exploited without authentication and should patch vulnerable versions immediately. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21314.tgz