{
  "details" : [ "Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication." ],
  "statement" : "Not vulnerable.  This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 3 or later.\nThis issue did not affect the OpenSSL packages as shipped with Red Hat Enterprise Linux 2.1 as they were not compiled with S/Key or BSD_AUTH support.  The upstream patch for this issue and CVE-2002-0640 was included in an errata so that users recompiling OpenSSL with support for those authentication methods would also be protected:\nhttps://rhn.redhat.com/errata/RHSA-2002-131.html",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2002-0639\nhttps://nvd.nist.gov/vuln/detail/CVE-2002-0639" ],
  "name" : "CVE-2002-0639",
  "csaw" : false
}