OpenSSH UseLogin Environment Variables Network Vulnerability

Summary

You are running a version of OpenSSH which is older than 3.0.2. Versions prior than 3.0.2 are vulnerable to an environment variables export that can allow a local user to execute command with root privileges. This problem affect only versions prior than 3.0.2, and when the UseLogin feature is enabled (usually disabled by default)

Solution

Upgrade to OpenSSH 3.0.2 or apply the patch for prior versions. (Available at: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH)

Severity

Classification

CVE CVE-2001-0872
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

HTTP negative Content-Length buffer overflow
Loadbalancer.org Enterprise VA 7.5.2 Static SSH Key
Microsoft RPC Interface Buffer Overrun (823980)
Generic format string
TESO in.telnetd buffer overflow

Take action and discover your vulnerabilities