Overview
OpenSSH is an implementation of the Secure Shell (SSH) protocol. It can be configured to use Linux Pluggable Authentication Modules (PAM) for added authentication. A vulnerability exists in OpenSSH, and perhaps other implementations of SSH, that can potentially allow PAM restrictions to be bypassed.
Description
OpenSSH fails to call pam_open_session if no pty (pseudo-terminal driver) is used. As a result, the security modules specified in /etc/pam.d are not activated for that session. It has been pointed out that if you use pam_limits.so to set resource limits, users could bypass these limits by calling ssh in this manner.
Impact
An attacker can bypass the PAM security modules specified on the target machine.
Solution
Upgrade to OpenSSH 2.9.9p1.
Restrict access to the SSH service
You may wish to disable SSH access until a patch is available from your vendor.
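One way to confirm after upgrading that pam_limits.so is applied regardless of pty use is to compare the limits an account reports in a session with a pty against those it reports in a session without one. The code below is an added example, not part of the original note or of OpenSSH; the `ulimit -a` captures are constructed samples in bash's output format, and the function names are illustrative.

```python
import re

# Constructed sample captures of `ulimit -a` (bash format) for one account on
# a host where pam_limits.so caps processes and open files; not real output.
WITH_PTY = """\
core file size          (blocks, -c) 0
max user processes              (-u) 64
open files                      (-n) 256
"""
WITHOUT_PTY = """\
core file size          (blocks, -c) 0
max user processes              (-u) 4096
open files                      (-n) 1024
"""

# Matches lines such as "open files   (-n) 256" or "stack size (kbytes, -s) unlimited".
LINE = re.compile(
    r"^(?P<name>.+?)\s+\((?:[^,()]+,\s*)?-(?P<flag>\w)\)\s+(?P<value>\d+|unlimited)\s*$"
)

def parse_limits(text):
    """Map each ulimit flag to (description, value); 'unlimited' becomes None."""
    limits = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore anything that is not a limit line
        value = m.group("value")
        limits[m.group("flag")] = (m.group("name"), None if value == "unlimited" else int(value))
    return limits

def looser_without_pty(pty_text, nopty_text):
    """Return (name, pty_limit, nopty_limit) for limits that are weaker,
    or not reported at all, in the no-pty session."""
    pty, nopty = parse_limits(pty_text), parse_limits(nopty_text)
    findings = []
    for flag, (name, capped) in sorted(pty.items()):
        if capped is None:
            continue  # nothing is enforced in the pty session either
        seen = nopty.get(flag, (name, None))[1]
        if seen is None or seen > capped:
            findings.append((name, capped, seen))
    return findings

if __name__ == "__main__":
    for name, capped, seen in looser_without_pty(WITH_PTY, WITHOUT_PTY):
        print(f"{name}: {capped} with pty, {seen if seen is not None else 'unlimited'} without")
```

An empty result means the no-pty session is held to the same limits as the pty session.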
Acknowledgements
Christian Kraemer discovered this vulnerability.
This document was written by Jason Rafail.
Other Information
CVE IDs: None
Severity Metric: 3.38
Date Public: 2001-06-19
Date First Published: 2001-12-07
Date Last Updated: 2001-12-12 14:39 UTC
Document Revision: 5