Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0525

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2000-0525
Last Modified 10 Sep 2008 03:04:55
Published 08 Jun 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0525

Summary

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

Vulnerable Systems

Application

  • Openbsd Openssh 1.2

  • Openbsd Openssh 1.2.3

  • Openbsd Openssh 2.1


References

XF - openssh-uselogin-remote-exec

BID - 1334

OSVDB - 341

OPENBSD - 20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.

BUGTRAQ - 20000609 OpenSSH's UseLogin option allows remote access with root privilege.


Last Updated: 27 May 2016 10:35:45