Overview
There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM conversion stack.
Description
The Portable OpenSSH server contains a vulnerability that may permit an attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that the OpenBSD-specific releases are not affected by this issue. |
Impact
The complete impact of this vulnerability is not yet known, but may lead to privilege escalation, or a denial of service. |
Solution
OpenSSH has announced version 3.7.1p2 to resolve this issue. |
This issue can be mitigated by not using PAM. Set "UsePAM no" in sshd_config. |
Vendor Information
209807
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to OpenSSH for reporting this vulnerability.
This document was written by Jason A Rafail.
Other Information
| CVE IDs: | CVE-2003-0787 |
| Severity Metric: | 1.50 |
| Date Public: | 2003-09-23 |
| Date First Published: | 2003-09-24 |
| Date Last Updated: | 2003-09-24 15:06 UTC |
| Document Revision: | 2 |