Executive Summary

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Why It Matters

CVE-2002-0639 is rated CRITICAL severity, requiring immediate attention from security teams.

CVSS Base Score: 9.8/10

Affected Technologies

Vendors: openbsd

Products: openssh

🛡️What Defenders Should Check

Check if you are affected — Review your asset inventory for products listed in CVE-2002-0639.

Apply available patches — Visit vendor advisories for the latest security updates.

Monitor for exploitation — Check your SIEM/IDS logs for related indicators.

Use Vulnios to continuously monitor your exposure to CVE-2002-0639 and similar vulnerabilities.

References & Sources

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt

http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502

http://marc.info/?l=bugtraq&m=102514371522793&w=2

http://marc.info/?l=bugtraq&m=102514631524575&w=2

http://marc.info/?l=bugtraq&m=102521542826833&w=2

http://www.cert.org/advisories/CA-2002-18.html

http://www.debian.org/security/2002/dsa-134

http://www.iss.net/security_center/static/9169.php

http://www.kb.cert.org/vuls/id/369347

AI Security Advisor

Get AI-powered security recommendations tailored to this specific threat — including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.

Affected Products

openssh

Sources

NVD / NIST

critical

Protect Your Organization

Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.

Get Started Free Free Security Scan OSINT Dashboard

Get instant alerts on Telegram

Join our public channel for real-time critical CVE alerts.

Follow @vulnios

Critical Vulnerability: CVE-2002-0639 — openbsd — openssh