Back to search
CVE-2003-0786
Published: Sep 25, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.openssh.com/txt/sshpam.adv
x_refsource_CONFIRM
8677
vdb-entry
x_refsource_BID
20030923 Multiple PAM vulnerabilities in portable OpenSSH
mailing-list
x_refsource_BUGTRAQ
20030923 Portable OpenSSH 3.7.1p2 released
mailing-list
x_refsource_BUGTRAQ
20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)
mailing-list
x_refsource_FULLDISC
VU#602204
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now