Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2001-1459
Last Modified: 07 Mar 2011 09:07:22
Published: 19 Jun 2001 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

Summary

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

Vulnerable Systems

Application

  • OpenBSD OpenSSH 2.1
  • OpenBSD OpenSSH 2.1.1
  • OpenBSD OpenSSH 2.2
  • OpenBSD OpenSSH 2.3
  • OpenBSD OpenSSH 2.5
  • OpenBSD OpenSSH 2.5.1
  • OpenBSD OpenSSH 2.5.2
  • OpenBSD OpenSSH 2.9

References

CERT-VN - VU#797027

XF - openssh-rsh-bypass-pam(6757)

BID - 2917

BUGTRAQ - 20010619 pam session


Last Updated: 27 May 2016 10:36:40