cvelistv5 - cve-2002-1358

cve-2002-1358

Vulnerability from cvelistv5

Published

2002-12-17 05:00

Modified

2024-08-08 03:19

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
cve@mitre.org	http://securitytracker.com/id?1005812
cve@mitre.org	http://securitytracker.com/id?1005813
cve@mitre.org	http://www.cert.org/advisories/CA-2002-36.html	Third Party Advisory, US Government Resource
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1005812
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1005813
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.org/advisories/CA-2002-36.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:19:28.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1005812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1005812"
          },
          {
            "name": "CA-2002-36",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-36.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5721",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721"
          },
          {
            "name": "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
          },
          {
            "name": "1005813",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1005813"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1005812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1005812"
        },
        {
          "name": "CA-2002-36",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-36.html"
        },
        {
          "name": "oval:org.mitre.oval:def:5721",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721"
        },
        {
          "name": "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
        },
        {
          "name": "1005813",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1005813"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1358",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1005812",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1005812"
            },
            {
              "name": "CA-2002-36",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-36.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5721",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721"
            },
            {
              "name": "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
            },
            {
              "name": "1005813",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1005813"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1358",
    "datePublished": "2002-12-17T05:00:00",
    "dateReserved": "2002-12-14T00:00:00",
    "dateUpdated": "2024-08-08T03:19:28.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C398460-3F38-4AA7-A4B1-FD8A01588DB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBEA01D2-B985-4575-AF00-144CE2E3024D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7126E176-D739-4102-8F10-1EEB8C6A219D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E90C0554-1A50-4341-AB07-80AA854673D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"752C3C6B-910D-4153-A162-DF255F60306B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4BC49F2-3DCB-45F0-9030-13F6415EE178\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D035A35-D53E-4C49-B4E4-F40B85866F27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84900BB3-B49F-448A-9E04-FE423FBCCC4F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F994C47-04BA-4286-B206-7EC8844E39A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06F753D5-DAAD-491E-8158-1C3CE9C30274\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4343CA3-F040-4FBE-A688-048BBB3993F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5259078F-BA9C-4EAB-A331-DCA621D187D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1283B462-042C-4857-A700-4179AAE20E2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2791C9DD-F55D-4683-85AF-B6814C34EFBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58BA8E70-9491-4D4F-9182-2F48347BF6FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"833B5B6D-9A6B-4F25-81B0-F27D82940F8D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.\"}]",
      "id": "CVE-2002-1358",
      "lastModified": "2024-11-20T23:41:06.857",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2002-12-23T05:00:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1005812\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1005813\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cert.org/advisories/CA-2002-36.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1005812\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1005813\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cert.org/advisories/CA-2002-36.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-1358\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-12-23T05:00:00.000\",\"lastModified\":\"2024-11-20T23:41:06.857\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C398460-3F38-4AA7-A4B1-FD8A01588DB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBEA01D2-B985-4575-AF00-144CE2E3024D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7126E176-D739-4102-8F10-1EEB8C6A219D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E90C0554-1A50-4341-AB07-80AA854673D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"752C3C6B-910D-4153-A162-DF255F60306B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4BC49F2-3DCB-45F0-9030-13F6415EE178\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D035A35-D53E-4C49-B4E4-F40B85866F27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84900BB3-B49F-448A-9E04-FE423FBCCC4F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F994C47-04BA-4286-B206-7EC8844E39A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F753D5-DAAD-491E-8158-1C3CE9C30274\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4343CA3-F040-4FBE-A688-048BBB3993F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5259078F-BA9C-4EAB-A331-DCA621D187D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1283B462-042C-4857-A700-4179AAE20E2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2791C9DD-F55D-4683-85AF-B6814C34EFBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58BA8E70-9491-4D4F-9182-2F48347BF6FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"833B5B6D-9A6B-4F25-81B0-F27D82940F8D\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1005812\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1005813\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cert.org/advisories/CA-2002-36.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1005812\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1005813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cert.org/advisories/CA-2002-36.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-44gh-mpm8-5jhq

Vulnerability from github

Published

2022-04-30 18:20

Modified

2022-04-30 18:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2002-1358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-12-23T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.",
  "id": "GHSA-44gh-mpm8-5jhq",
  "modified": "2022-04-30T18:21:00Z",
  "published": "2022-04-30T18:20:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1358"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1005812"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1005813"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.org/advisories/CA-2002-36.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2002-1358

Vulnerability from gsd

Modified

2023-12-13 01:24

Details

Aliases

CVE-2002-1358

Aliases

CVE-2002-1358

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2002-1358",
    "description": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.",
    "id": "GSD-2002-1358"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-1358"
      ],
      "details": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.",
      "id": "GSD-2002-1358",
      "modified": "2023-12-13T01:24:09.813619Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-1358",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1005812",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1005812"
          },
          {
            "name": "CA-2002-36",
            "refsource": "CERT",
            "url": "http://www.cert.org/advisories/CA-2002-36.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5721",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721"
          },
          {
            "name": "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
            "refsource": "VULNWATCH",
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
          },
          {
            "name": "1005813",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1005813"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1358"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CA-2002-36",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.cert.org/advisories/CA-2002-36.html"
            },
            {
              "name": "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
              "refsource": "VULNWATCH",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
            },
            {
              "name": "1005812",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1005812"
            },
            {
              "name": "1005813",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1005813"
            },
            {
              "name": "oval:org.mitre.oval:def:5721",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:29Z",
      "publishedDate": "2002-12-23T05:00Z"
    }
  }
}

Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the “Overview” for the impact of this vulnerability. A vulnerability has been reported for multiple SSH2 vendors. The vulnerability is a result of SSH2 packets containing empty elements/multiple separators. The vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations

Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC

A complete revision history is at the end of this file.

I. It provides strong encryption, cryptographic host authentication, and integrity protection.... These vulnerabilities include buffer overflows, and they occur before any user authentication takes place. SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1.

Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite.

Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:

 * CAN-2002-1357 - incorrect field lengths
 * CAN-2002-1358 - lists with empty elements or multiple separators
 * CAN-2002-1359 - "classic" buffer overflows
 * CAN-2002-1360 - null characters in strings

II. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges.

III. Solution

Apply a patch or upgrade

Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#389665 for specific information.

Restrict access

Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology.

SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address.

While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks.

Appendix A. Vendor Information

This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information.

Cisco Systems, Inc.

 The   official   statement  regarding  this  is  that  we  are  not
 vulnerable.

Cray Inc.

 Cray  Inc.  supports  the  OpenSSH  product through their Cray Open
 Software  (COS)  package.  COS  3.3,  available the end of December
 2002,  is  not vulnerable. If a site is concerned, they can contact
 their  local  Cray  representive  to  obtain  an  early copy of the
 OpenSSH contained in COS 3.3.

F-Secure

 F-Secure  SSH products are not exploitable via these attacks. While
 F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these
 malicious  packets,  we  did  not find ways to exploit this to gain
 unauthorized  access  or  to  run  arbitrary code. Furthermore, the
 crash  occurs  in a forked process so the denial of service attacks
 are not possible.

Fujitsu

 Fujitsu's  UXP/V  OS  is not vulnerable because it does not support
 SSH.

IBM

 IBM's  AIX  is  not  vulnerabible  to  the issues discussed in CERT
 Vulnerability Note VU#389665.

lsh

 I've now tried the testsuite with the latest stable release of lsh,
 lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.

NetScreen Technologies Inc.

 Tested latest versions. Not Vulnerable.

OpenSSH

 From  my testing it seems that the current version of OpenSSH (3.5)
 is not vulnerable to these problems, and some limited testing shows
 that no version of OpenSSH is vulnerable.

Pragma Systems, Inc.

 December 16, 2002

 Rapid 7 and CERT Coordination Center Vulnerability report VU#389665

 Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a
 possible  vulnerability  with  Version  2.0  of Pragma SecureShell. 
 Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new
 Version  3.0,  and found that the attacks did cause a memory access
 protection fault on Microsoft platforms.

 After   research,   Pragma   Systems  corrected  the  problem.

 The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any
 customers  with concerns regarding this vulnerability report should
 contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for
 information  on  obtaining  an upgrade free of charge. Pragma's web
 site is located at www.pragmasys.com and the company can be reached
 at 1-512-219-7270.

PuTTY

 PuTTY 0.53b addresses vulnerabilities discovered by SSHredder.

Appendix B. References

 * CERT/CC Vulnerability Note: VU#389665 -
   http://www.kb.cert.org/vuls/id/389665
 * Rapid 7 Advisory: R7-0009 -
   http://www.rapid7.com/advisories/R7-0009.txt
 * Rapid 7 SSHredder test suite -
   http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
 * IETF     Draft:     SSH     Transport     Layer     Protocol     -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. 
   txt
 * IETF Draft: SSH Protocol Architecture -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-
   13.txt
 * Privilege Separated OpenSSH -
   http://www.citi.umich.edu/u/provos/ssh/privsep.html

 _________________________________________________________________

The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. ___________

Author: Art Manion.

This document is available from: http://www.cert.org/advisories/CA-2002-36.html

CERT/CC Contact Information

Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message

subscribe cert-advisory

"CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________

Conditions for use, disclaimers, and sponsorship information

Revision History

December 16, 2002: Initial release

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8

iQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/ PlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd yIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3 xazIo8XEipc= =Nj+0 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0625",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "cisco",
        "version": "12.2"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "winscp",
        "version": "2.0.0"
      },
      {
        "model": "shellguard ssh",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netcomposite",
        "version": "3.4.6"
      },
      {
        "model": "securenetterm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intersoft",
        "version": "5.4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2s"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.0st"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1ea"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.0s"
      },
      {
        "model": "putty",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "putty",
        "version": "0.53"
      },
      {
        "model": "ssh client",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fissh",
        "version": "1.0a_for_windows"
      },
      {
        "model": "secureshell",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pragma",
        "version": "2.0"
      },
      {
        "model": "putty",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "putty",
        "version": "0.49"
      },
      {
        "model": "putty",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "putty",
        "version": "0.48"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "f secure",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intersoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pragma",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "putty",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "riverstone",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ssh security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "winscp",
        "version": null
      },
      {
        "model": "f-secure ssh",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "f secure",
        "version": "3.1.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "tatham putty",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "simon",
        "version": "0.53"
      },
      {
        "model": "tatham putty",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "simon",
        "version": "0.49"
      },
      {
        "model": "tatham putty",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "simon",
        "version": "0.48"
      },
      {
        "model": "systems secureshell",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pragma",
        "version": "2.0"
      },
      {
        "model": "ssh client for windows a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fissh",
        "version": "1.0"
      },
      {
        "model": "tatham putty b",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "simon",
        "version": "0.53"
      },
      {
        "model": "systems secureshell",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "pragma",
        "version": "3.0"
      },
      {
        "model": "openssh",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.5"
      },
      {
        "model": "p1",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.4"
      },
      {
        "model": "openssh",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.4"
      },
      {
        "model": "p1",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.3"
      },
      {
        "model": "openssh",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.3"
      },
      {
        "model": "p1",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.2.3"
      },
      {
        "model": "p1",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.2.2"
      },
      {
        "model": "openssh",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.2"
      },
      {
        "model": "p1",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.1"
      },
      {
        "model": "openssh",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.1"
      },
      {
        "model": "p1",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.0.2"
      },
      {
        "model": "openssh",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.0.2"
      },
      {
        "model": "p1",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.0.1"
      },
      {
        "model": "openssh",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.0.1"
      },
      {
        "model": "p1",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.0"
      },
      {
        "model": "openssh",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "openssh",
        "version": "3.0"
      },
      {
        "model": "lsh",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "lsh",
        "version": "1.5"
      },
      {
        "model": "securenetterm",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "intersoft",
        "version": "5.4.2"
      },
      {
        "model": "winsshd",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "bitvise",
        "version": "3.5"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "156001.3(0)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "156001.1(1)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "156001.1(0)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "156001.1"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "156001.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(1)"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.6(0)"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.5"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(3)"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(2)"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(1)"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(0)"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(2)"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(1)"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0(0)"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.4"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.3"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.2"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ons 15454sdh",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.3(5)"
      },
      {
        "model": "ons 15454e optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.14"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(1)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.6(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.5"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(3)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(2)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(1)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1(0)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.1"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(2)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0(1)"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154544.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.4"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.3"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.2.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.1.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154543.0"
      },
      {
        "model": "ons optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154542.3(5)"
      },
      {
        "model": "ons ios-based blades",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15454"
      },
      {
        "model": "ons metro edge optical transport platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "15327"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.14"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.6(1)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.6(0)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.1(3)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.1(2)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.1(1)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.1(0)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.0(2)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.0(1)"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153274.0"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153273.4"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153273.3"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153273.2"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153273.1"
      },
      {
        "model": "ons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "153273.0"
      },
      {
        "model": "ios 12.2t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1ea",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0st",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "securecrt",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vandyke",
        "version": "3.4.3"
      },
      {
        "model": "vshell",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "van dyke",
        "version": "1.2"
      },
      {
        "model": "ttssh",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ttssh",
        "version": "1.5.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#389665"
      },
      {
        "db": "BID",
        "id": "6408"
      },
      {
        "db": "BID",
        "id": "6397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1358"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1358"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rapid 7 Security Advisories\u203b advisory@rapid7.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-1358",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2002-1358",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-5743",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2002-1358",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#389665",
            "trust": 0.8,
            "value": "11.04"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200212-047",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5743",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#389665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1358"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization.  Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. A vulnerability has been reported for multiple SSH2 vendors. The vulnerability is a result of SSH2 packets containing empty elements/multiple separators. \nThe vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. \nFurther details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\n\nCERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations\n\n   Original issue date: December 16, 2002\n   Last revised: --\n   Source: CERT/CC\n\n   A complete revision history is at the end of this file. \n\n\nI. \n     It  provides  strong encryption, cryptographic host authentication,\n     and  integrity  protection.... These vulnerabilities include buffer\n   overflows,  and they occur before any user authentication takes place. \n   SSHredder  was  primarily  designed  to  test  key  exchange and other\n   processes that are specific to version 2 of the SSH protocol; however,\n   certain classes of tests are also applicable to version 1. \n\n   Rapid7  has  published a detailed advisory (R7-0009) and the SSHredder\n   test suite. \n\n   Common  Vulnerabilities and Exposures (CVE) has assigned the following\n   candidate numbers for several classes of tests performed by SSHredder:\n\n     * CAN-2002-1357 - incorrect field lengths\n     * CAN-2002-1358 - lists with empty elements or multiple separators\n     * CAN-2002-1359 - \"classic\" buffer overflows\n     * CAN-2002-1360 - null characters in strings\n\n\nII. On\n   Microsoft  Windows  systems,  SSH  servers  commonly  run  with SYSTEM\n   privileges,  and  on UNIX systems, SSH daemons typically run with root\n   privileges. \n\n\nIII. Solution\n\nApply a patch or upgrade\n\n   Apply  the  appropriate  patch or upgrade as specified by your vendor. \n   See Appendix A below and the Systems Affected section of VU#389665 for\n   specific information. \n\nRestrict access\n\n   Limit  access  to  SSH  servers  to  trusted  hosts and networks using\n   firewalls or other packet-filtering systems. Some SSH servers may have\n   the  ability  to  restrict  access  based  on IP addresses, or similar\n   effects  may  be  achieved  by  using  TCP  wrappers  or other related\n   technology. \n\n   SSH  clients  can  reduce  the  risk  of attacks by only connecting to\n   trusted servers by IP address. \n\n   While  these  workarounds  will  not  prevent  exploitation  of  these\n   vulnerabilities,  they  will  make attacks somewhat more difficult, in\n   part by limiting the number of potential sources of attacks. \n\n\nAppendix A. Vendor Information\n\n   This  appendix  contains information provided by vendors. When vendors\n   report  new  information,  this section is updated and the changes are\n   noted  in  the  revision  history. If a vendor is not listed below, we\n   have  not  received  their  comments.  The Systems Affected section of\n   VU#389665 contains additional vendor status information. \n\nCisco Systems, Inc. \n\n     The   official   statement  regarding  this  is  that  we  are  not\n     vulnerable. \n\nCray Inc. \n\n     Cray  Inc.  supports  the  OpenSSH  product through their Cray Open\n     Software  (COS)  package.  COS  3.3,  available the end of December\n     2002,  is  not vulnerable. If a site is concerned, they can contact\n     their  local  Cray  representive  to  obtain  an  early copy of the\n     OpenSSH contained in COS 3.3. \n\nF-Secure\n\n     F-Secure  SSH products are not exploitable via these attacks. While\n     F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these\n     malicious  packets,  we  did  not find ways to exploit this to gain\n     unauthorized  access  or  to  run  arbitrary code. Furthermore, the\n     crash  occurs  in a forked process so the denial of service attacks\n     are not possible. \n\nFujitsu\n\n     Fujitsu\u0027s  UXP/V  OS  is not vulnerable because it does not support\n     SSH. \n\nIBM\n\n     IBM\u0027s  AIX  is  not  vulnerabible  to  the issues discussed in CERT\n     Vulnerability Note VU#389665. \n\nlsh\n\n     I\u0027ve now tried the testsuite with the latest stable release of lsh,\n     lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. \n\nNetScreen Technologies Inc. \n\n     Tested latest versions. Not Vulnerable. \n\nOpenSSH\n\n     From  my testing it seems that the current version of OpenSSH (3.5)\n     is not vulnerable to these problems, and some limited testing shows\n     that no version of OpenSSH is vulnerable. \n\nPragma Systems, Inc. \n\n     December 16, 2002\n\n     Rapid 7 and CERT Coordination Center Vulnerability report VU#389665\n\n     Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a\n     possible  vulnerability  with  Version  2.0  of Pragma SecureShell. \n     Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new\n     Version  3.0,  and found that the attacks did cause a memory access\n     protection fault on Microsoft platforms. \n\n     After   research,   Pragma   Systems  corrected  the  problem. \n\n     The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any\n     customers  with concerns regarding this vulnerability report should\n     contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for\n     information  on  obtaining  an upgrade free of charge. Pragma\u0027s web\n     site is located at www.pragmasys.com and the company can be reached\n     at 1-512-219-7270. \n\nPuTTY\n\n     PuTTY 0.53b addresses vulnerabilities discovered by SSHredder. \n\n\nAppendix B. References\n\n     * CERT/CC Vulnerability Note: VU#389665 -\n       http://www.kb.cert.org/vuls/id/389665\n     * Rapid 7 Advisory: R7-0009 -\n       http://www.rapid7.com/advisories/R7-0009.txt\n     * Rapid 7 SSHredder test suite -\n       http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666\n     * IETF     Draft:     SSH     Transport     Layer     Protocol     -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. \n       txt\n     * IETF Draft: SSH Protocol Architecture -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-\n       13.txt\n     * Privilege Separated OpenSSH -\n       http://www.citi.umich.edu/u/provos/ssh/privsep.html\n\n     _________________________________________________________________\n\n   The  CERT  Coordination  Center  thanks  Rapid7  for  researching  and\n   reporting these vulnerabilities. \n     _________________________________________________________________\n\n   Author: Art Manion. \n   ______________________________________________________________________\n\n   This document is available from:\n   http://www.cert.org/advisories/CA-2002-36.html\n   ______________________________________________________________________\n\n\nCERT/CC Contact Information\n\n   Email: cert@cert.org\n          Phone: +1 412-268-7090 (24-hour hotline)\n          Fax: +1 412-268-6989\n          Postal address:\n          CERT Coordination Center\n          Software Engineering Institute\n          Carnegie Mellon University\n          Pittsburgh PA 15213-3890\n          U.S.A. \n\n   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /\n   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies\n   during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n   We  strongly  urge you to encrypt sensitive information sent by email. \n   Our public PGP key is available from\n   http://www.cert.org/CERT_PGP.key\n\n   If  you  prefer  to  use  DES,  please  call the CERT hotline for more\n   information. \n\nGetting security information\n\n   CERT  publications  and  other security information are available from\n   our web site\n   http://www.cert.org/\n\n   To  subscribe  to  the CERT mailing list for advisories and bulletins,\n   send  email  to majordomo@cert.org. Please include in the body of your\n   message\n\n   subscribe cert-advisory\n\n   *  \"CERT\"  and  \"CERT  Coordination Center\" are registered in the U.S. \n   Patent and Trademark Office. \n   ______________________________________________________________________\n\n   NO WARRANTY\n   Any  material furnished by Carnegie Mellon University and the Software\n   Engineering  Institute  is  furnished  on  an  \"as is\" basis. Carnegie\n   Mellon University makes no warranties of any kind, either expressed or\n   implied  as  to  any matter including, but not limited to, warranty of\n   fitness  for  a  particular purpose or merchantability, exclusivity or\n   results  obtained from use of the material. Carnegie Mellon University\n   does  not  make  any warranty of any kind with respect to freedom from\n   patent, trademark, or copyright infringement. \n     _________________________________________________________________\n\n   Conditions for use, disclaimers, and sponsorship information\n\n   Copyright 2002 Carnegie Mellon University. \n\n   Revision History\n\n   December 16, 2002: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/\nPlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd\nyIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3\nxazIo8XEipc=\n=Nj+0\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1358"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389665"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      },
      {
        "db": "BID",
        "id": "6408"
      },
      {
        "db": "BID",
        "id": "6397"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5743"
      },
      {
        "db": "PACKETSTORM",
        "id": "30625"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2002-1358",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#389665",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1005813",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1005812",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "6408",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "6397",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "6407",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "6410",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "6405",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000323",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-047",
        "trust": 0.7
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:5721",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "CA-2002-36",
        "trust": 0.6
      },
      {
        "db": "VULNWATCH",
        "id": "20021216 R7-0009: VULNERABILITIES IN SSH2 IMPLEMENTATIONS FROM MULTIPLE VENDORS",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-5743",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "30625",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#389665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5743"
      },
      {
        "db": "BID",
        "id": "6408"
      },
      {
        "db": "BID",
        "id": "6397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      },
      {
        "db": "PACKETSTORM",
        "id": "30625"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1358"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ]
  },
  "id": "VAR-200212-0625",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5743"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:13:58.008000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ssh-packet-suite-vuln",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
      },
      {
        "title": "2003120403",
        "trust": 0.8,
        "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120403.shtml"
      },
      {
        "title": "303",
        "trust": 0.8,
        "url": "http://www.ssh.com/company/newsroom/article/303/"
      },
      {
        "title": "ssh-packet-suite-vuln",
        "trust": 0.8,
        "url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/ssh-packet-suite-vuln-j.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1358"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://www.cert.org/advisories/ca-2002-36.html"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1005812"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1005813"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5721"
      },
      {
        "trust": 0.9,
        "url": "http://www.rapid7.com/advisories/r7-0009.txt"
      },
      {
        "trust": 0.9,
        "url": "http://www.rapid7.com/perl/downloadrequest.pl?packagechoice=666"
      },
      {
        "trust": 0.9,
        "url": "http://www.citi.umich.edu/u/provos/ssh/privsep.html"
      },
      {
        "trust": 0.9,
        "url": "http://www.kb.cert.org/vuls/id/389665"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.ciac.org/ciac/bulletins/n-028.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1358"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2002/wr025001.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2002-36"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1358"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/6407"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/6405"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/6408"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/6397"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/6410"
      },
      {
        "trust": 0.6,
        "url": "http://www.f-secure.com/"
      },
      {
        "trust": 0.6,
        "url": "http://www.ssh.com"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5721"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/305241"
      },
      {
        "trust": 0.1,
        "url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15."
      },
      {
        "trust": 0.1,
        "url": "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cert.org/cert_pgp.key"
      },
      {
        "trust": 0.1,
        "url": "https://www.pragmasys.com"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#389665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5743"
      },
      {
        "db": "BID",
        "id": "6408"
      },
      {
        "db": "BID",
        "id": "6397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      },
      {
        "db": "PACKETSTORM",
        "id": "30625"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1358"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#389665"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5743"
      },
      {
        "db": "BID",
        "id": "6408"
      },
      {
        "db": "BID",
        "id": "6397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      },
      {
        "db": "PACKETSTORM",
        "id": "30625"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1358"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-12-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#389665"
      },
      {
        "date": "2002-12-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5743"
      },
      {
        "date": "2002-12-16T00:00:00",
        "db": "BID",
        "id": "6408"
      },
      {
        "date": "2002-12-16T00:00:00",
        "db": "BID",
        "id": "6397"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      },
      {
        "date": "2002-12-21T10:23:09",
        "db": "PACKETSTORM",
        "id": "30625"
      },
      {
        "date": "2002-12-23T05:00:00",
        "db": "NVD",
        "id": "CVE-2002-1358"
      },
      {
        "date": "2002-12-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-06-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#389665"
      },
      {
        "date": "2017-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5743"
      },
      {
        "date": "2009-07-11T19:16:00",
        "db": "BID",
        "id": "6408"
      },
      {
        "date": "2002-12-16T00:00:00",
        "db": "BID",
        "id": "6397"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2002-000323"
      },
      {
        "date": "2017-10-11T01:29:03.683000",
        "db": "NVD",
        "id": "CVE-2002-1358"
      },
      {
        "date": "2009-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "30625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vendors\u0027 SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#389665"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-047"
      }
    ],
    "trust": 0.6
  }
}

cve-2002-1358

Vulnerability from fkie_nvd

Published

2002-12-23 05:00

Modified

2024-11-20 23:41

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
cve@mitre.org	http://securitytracker.com/id?1005812
cve@mitre.org	http://securitytracker.com/id?1005813
cve@mitre.org	http://www.cert.org/advisories/CA-2002-36.html	Third Party Advisory, US Government Resource
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1005812
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1005813
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.org/advisories/CA-2002-36.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721

Impacted products

Vendor	Product	Version
cisco	ios	12.0s
cisco	ios	12.0st
cisco	ios	12.1e
cisco	ios	12.1ea
cisco	ios	12.1t
cisco	ios	12.2
cisco	ios	12.2s
cisco	ios	12.2t
fissh	ssh_client	1.0a_for_windows
intersoft	securenetterm	5.4.1
netcomposite	shellguard_ssh	3.4.6
pragma_systems	secureshell	2.0
putty	putty	0.48
putty	putty	0.49
putty	putty	0.53
winscp	winscp	2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C398460-3F38-4AA7-A4B1-FD8A01588DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEA01D2-B985-4575-AF00-144CE2E3024D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "7126E176-D739-4102-8F10-1EEB8C6A219D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C0554-1A50-4341-AB07-80AA854673D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
              "matchCriteriaId": "752C3C6B-910D-4153-A162-DF255F60306B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D035A35-D53E-4C49-B4E4-F40B85866F27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
              "matchCriteriaId": "84900BB3-B49F-448A-9E04-FE423FBCCC4F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F994C47-04BA-4286-B206-7EC8844E39A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F753D5-DAAD-491E-8158-1C3CE9C30274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4343CA3-F040-4FBE-A688-048BBB3993F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5259078F-BA9C-4EAB-A331-DCA621D187D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "1283B462-042C-4857-A700-4179AAE20E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "2791C9DD-F55D-4683-85AF-B6814C34EFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BA8E70-9491-4D4F-9182-2F48347BF6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "833B5B6D-9A6B-4F25-81B0-F27D82940F8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite."
    }
  ],
  "id": "CVE-2002-1358",
  "lastModified": "2024-11-20T23:41:06.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-23T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1005812"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1005813"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-36.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1005812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1005813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-36.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2002-1358

Vulnerability from cvelistv5

ghsa-44gh-mpm8-5jhq

Vulnerability from github

gsd-2002-1358

Vulnerability from gsd

var-200212-0625

Vulnerability from variot

cve-2002-1358

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature