CVE-2002-1644 — Ssh2 vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 73.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SSH Ssh2

Timeline

PublishedNov 25

Latest updateApr 30

Description

SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDssh/ssh215 versions+14

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.ssh.com ↗

🔴Vulnerability Details

GHSA

GHSA-jg6f-f7v8-2wh4: SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2↗2022-04-30

▶

CVEList

CVE-2002-1644: SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2↗2005-03-28

▶