Vulnerability Details CVE-2002-1644
SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.6%
CVSS Severity
CVSS v2 Score 7.2
References
- http://www.kb.cert.org/vuls/id/740619
- http://www.securityfocus.com/bid/6247
- http://www.ssh.com/company/newsroom/article/286/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10710
- http://www.kb.cert.org/vuls/id/740619
- http://www.securityfocus.com/bid/6247
- http://www.ssh.com/company/newsroom/article/286/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10710
Products affected by CVE-2002-1644
-
cpe:2.3:a:ssh:ssh2:2.0.13
-
cpe:2.3:a:ssh:ssh2:2.1
-
cpe:2.3:a:ssh:ssh2:2.2
-
cpe:2.3:a:ssh:ssh2:2.3
-
cpe:2.3:a:ssh:ssh2:2.4
-
cpe:2.3:a:ssh:ssh2:2.5
-
cpe:2.3:a:ssh:ssh2:3.0
-
cpe:2.3:a:ssh:ssh2:3.0.1
-
cpe:2.3:a:ssh:ssh2:3.1
-
cpe:2.3:a:ssh:ssh2:3.1.1
-
cpe:2.3:a:ssh:ssh2:3.1.2
-
cpe:2.3:a:ssh:ssh2:3.1.3
-
cpe:2.3:a:ssh:ssh2:3.1.4
-
cpe:2.3:a:ssh:ssh2:3.2
-
cpe:2.3:a:ssh:ssh2:3.2.1