Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0872

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2001-0872
Last Modified 05 Sep 2008 04:25:07
Published 21 Dec 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0872

Summary

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

Vulnerable Systems

Operating System

  • Redhat Linux 7.0

  • Redhat Linux 7.1

  • Redhat Linux 7.2

  • Suse Linux 6.4

  • Suse Linux 7.0

  • Suse Linux 7.1

  • Suse Linux 7.2

  • Suse Linux 7.3

Application

  • Openbsd Openssh 3.0.1


References

CERT-VN - VU#157447

REDHAT - RHSA-2001:161

BUGTRAQ - 20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]

SUSE - SuSE-SA:2001:045

CONFIRM - http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2

XF - openssh-uselogin-execute-code(7647)

HP - HPSBUX0112-005

BID - 3614

OSVDB - 688

DEBIAN - DSA-091

CIAC - M-026

MANDRAKE - MDKSA-2001:092

CONECTIVA - CLA-2001:446

CALDERA - CSSA-2001-042.1


Last Updated: 27 May 2016 10:36:26