Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2003-0786
Last Modified: 10 Sep 2008 03:20:26
Published: 17 Nov 2003 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-0786

Summary

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.

Vulnerable Systems

Application

  • OpenBSD OpenSSH 3.7.1

  • OpenBSD OpenSSH 3.7.1p1


References

CERT-VN - VU#602204

CONFIRM - http://www.openssh.com/txt/sshpam.adv

FULLDISC - 20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)

BID - 8677

BUGTRAQ - 20030923 Multiple PAM vulnerabilities in portable OpenSSH

BUGTRAQ - 20030923 Portable OpenSSH 3.7.1p2 released


Last Updated: 27 May 2016 10:38:03