Overview
Versions of OpenSSH prior to 2.1.1 (current circa June, 2000) allow a remote attacker to execute arbitrary commands with the privileges of sshd, typically root.
Description
OpenSSH is a free implementation of versions 1 and 2 of the SSH protocol. If sshd is configured with the UseLogin option, it attempts to use login(1) to authenticate the user. However, is ssh is used to execute a command, the command is run with the privileges of sshd, typically root. UseLogin is not enabled by default. |
Impact
Remote attackers can run arbitrary commands as root on systems with UseLogin enabled. |
Solution
Upgrade to the latest version of OpenSSH. |
Vendor Information
40327
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.openbsd.org/errata27.html#uselogin
- http://www.securityfocus.com/bid/1334
- http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-8&msg=20000609170629.A4933@folly.informatik.uni-erlangen.de
- http://www.ciac.org/ciac/bulletins/k-058.shtml
- http://www.securiteam.com/unixfocus/5MQ070A1QU.html
- http://xforce.iss.net/alerts/vol-5_num-6.php#-openssh-uselogin-remote-exec
Acknowledgements
Our thanks to Markus Friedl who reported this information.
This document was written by Shawn V Hernan.
Other Information
| CVE IDs: | CVE-2000-0525 |
| Severity Metric: | 31.50 |
| Date Public: | 2000-06-09 |
| Date First Published: | 2001-11-05 |
| Date Last Updated: | 2001-11-05 18:59 UTC |
| Document Revision: | 6 |