Vulnerabilities > CVE-2002-1715 - Unspecified vulnerability in SSH and Ssh2

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

ssh

exploit available

NVD

Published: 2002-12-31

Updated: 2017-07-11

Summary

SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.

Vulnerable Configurations

Part	Description	Count
Application	Ssh SSH SSH 1.2.0 SSH SSH 1.2.1 SSH SSH 1.2.2 SSH SSH 1.2.3 SSH SSH 1.2.4 SSH SSH 1.2.5 SSH SSH 1.2.6 SSH SSH 1.2.7 SSH SSH 1.2.8 SSH SSH 1.2.9 SSH SSH 1.2.10 SSH SSH 1.2.11 SSH SSH 1.2.12 SSH SSH 1.2.13 SSH SSH 1.2.14 SSH SSH 1.2.15 SSH SSH 1.2.16 SSH SSH 1.2.17 SSH SSH 1.2.18 SSH SSH 1.2.19 SSH SSH 1.2.20 SSH SSH 1.2.21 SSH SSH 1.2.22 SSH SSH 1.2.23 SSH SSH 1.2.24 SSH SSH 1.2.25 SSH SSH 1.2.26 SSH SSH 1.2.27 SSH SSH 1.2.28 SSH SSH 1.2.29 SSH SSH 1.2.30 SSH SSH 1.2.31 SSH Ssh2 2.0 SSH Ssh2 2.0.1 SSH Ssh2 2.0.2 SSH Ssh2 2.0.3 SSH Ssh2 2.0.4 SSH Ssh2 2.0.5 SSH Ssh2 2.0.6 SSH Ssh2 2.0.7 SSH Ssh2 2.0.8 SSH Ssh2 2.0.9 SSH Ssh2 2.0.10 SSH Ssh2 2.0.11 SSH Ssh2 2.0.12 SSH Ssh2 2.0.13 SSH Ssh2 2.1 SSH Ssh2 2.2 SSH Ssh2 2.3 SSH Ssh2 2.4 SSH Ssh2 2.5 SSH Ssh2 3.0	52

Exploit-Db

description	SSH2 3.0 Restricted Shell Escaping Command Execution Vulnerability. CVE-2002-1715. Local exploit for linux platform
id	EDB-ID:21398
last seen	2016-02-02
modified	2002-04-18
published	2002-04-18
reporter	A.Dimitrov
source	https://www.exploit-db.com/download/21398/
title	SSH2 3.0 Restricted Shell Escaping Command Execution Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References