CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
EPSS Percentile | 90.2% |
There is a vulnerability in the challenge authentication code of the Portable OpenSSH server when using the SSHv1 protocol and Pluggable Authentication Modules (PAM). This vulnerability could permit a remote attacker to log in to the system as any user, including potentially root, without using a password.
Portable OpenSSH versions 3.7p1 and 3.7.1p1 are affected. Note that the OpenBSD-specific releases are not affected by this issue.
Remote attackers could exploit servers configured with the following parameters:
* OpenSSH 3.7.1p1 (portable)
* Any platform
* compiled with --with-pam
* PrivilegeSeparation disabled
* Protocol version 1 enabled (default)
* ChallengeResponse enabled (default)
A remote attacker could potentially log in to the system as any user, including root, using a null password. Logging in as root is possible only if “PermitRootLogin” is enabled.
OpenSSH has announced version 3.7.1p2 to resolve this issue.
This issue can be mitigated by not using PAM: set “UsePAM no” in sshd_config. To prevent root logins, set “PermitRootLogin no”.
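The exposure conditions and the mitigation settings above can be checked against a server's configuration. The following is an added example, not code from the advisory or from OpenSSH; the function names and sample configurations are constructed here, and the values assumed for an absent `UsePAM` or `PermitRootLogin` line are conservative assumptions of this example.

```python
# Added example: check an sshd_config against the exposure conditions in this note.
AFFECTED_VERSIONS = {"3.7p1", "3.7.1p1"}  # versions named in the note

# Values assumed when a keyword is absent. The note calls protocol 1 and
# challenge-response defaults and treats disabled privsep as non-standard;
# the UsePAM and PermitRootLogin entries are conservative assumptions.
DEFAULTS = {
    "protocol": "2,1",
    "challengeresponseauthentication": "yes",
    "useprivilegeseparation": "yes",
    "usepam": "yes",
    "permitrootlogin": "yes",
}

def parse_sshd_config(text):
    """Return {keyword: value}. Keywords are case-insensitive; first one wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit(version, built_with_pam, config_text):
    """Report which of the note's exposure conditions hold for one server."""
    cfg = {**DEFAULTS, **parse_sshd_config(config_text)}
    protocols = [p.strip() for p in cfg["protocol"].split(",")]
    conditions = {
        "affected version": version in AFFECTED_VERSIONS,
        "PAM in use": bool(built_with_pam) and cfg["usepam"] == "yes",
        "privilege separation disabled": cfg["useprivilegeseparation"] == "no",
        "protocol 1 enabled": "1" in protocols,
        "challenge-response enabled": cfg["challengeresponseauthentication"] == "yes",
    }
    exposed = all(conditions.values())
    return {
        "exposed": exposed,
        # Any value other than "no" is treated as root login enabled.
        "root_reachable": exposed and cfg["permitrootlogin"] != "no",
        "unmet": sorted(name for name, ok in conditions.items() if not ok),
    }

# Constructed sample configurations, not taken from any real host.
WEAK = "Protocol 2,1\nUsePAM yes\nUsePrivilegeSeparation no\nPermitRootLogin yes\n"
MITIGATED = WEAK.replace("UsePAM yes", "usepam no  # mitigation").replace(
    "PermitRootLogin yes", "PermitRootLogin no")

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("mitigated", MITIGATED)):
        print(label, audit("3.7.1p1", True, text))
```

The version string and whether the binary was built `--with-pam` cannot be read from sshd_config, so the caller supplies them.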
602204
Updated: September 24, 2003
Affected
```
---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-14
---------------------------------------------------------------------

PACKAGE           : openssh
SUMMARY           : multiple vulnerabilities in new PAM code
DATE              : 2003-09-23 20:25 UTC
EXPLOIT           : remote
VERSIONS AFFECTED : <openssh-3.7.1_p2
FIXED VERSION     : >=openssh-3.7.1_p2
CVE               :

---------------------------------------------------------------------

quote from advisory:

“Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple
vulnerabilities in the new PAM code. At least one of these bugs
is remotely exploitable (under a non-standard configuration,
with privsep disabled).”

read the full advisory at:
http://www.openssh.com/txt/sshpam.adv

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/openssh upgrade to openssh-3.7.1_p2 as follows:

emerge sync
emerge openssh
emerge clean

---------------------------------------------------------------------
[email protected] - GnuPG key is available at http://dev.gentoo.org/~aliz
```
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23602204 Feedback>).
Notified: September 22, 2003 Updated: September 23, 2003
Affected
We have not received a statement from the vendor.
Updated: September 23, 2003
Not Affected
The OpenSSH used in AppGate has pam disabled so AppGate is not vulnerable.
Updated: September 23, 2003
Not Affected
Apple: Not Vulnerable. Mac OS X is configured in a manner that is not susceptible to this vulnerability.
Updated: September 23, 2003
Not Affected
Our WinSSHD server is based on different architecture and shares no codebase with OpenSSH; it is thus not vulnerable to this issue.
Updated: September 24, 2003
Not Affected
No versions of Check Point products are affected by this advisory.
Updated: September 24, 2003
Not Affected
Not Affected:
No Clavister products implement the SSH protocol.
Updated: September 23, 2003
Not Affected
Cray Inc. does support OpenSSH, however is not currently supporting OpenSSH 3.7. Even so, Cray does not compile with the “--with-pam” option and defaults to PrivilegeSeparation enabled. So Cray Inc. is not vulnerable to this.
Updated: September 23, 2003
Not Affected
The packages in the current Debian release (Debian 3.0/woody) are not vulnerable.
Updated: September 23, 2003
Not Affected
Ingrian networks products are not vulnerable to this issue.
Updated: September 23, 2003
Not Affected
MandrakeSoft patched 3.6.1 for updates, so none of our products are vulnerable to this issue.
Updated: September 23, 2003
Not Affected
The particular program in question is not used in any Microsoft products.
Updated: September 23, 2003
Not Affected
Mirapoint is not vulnerable to this.
Updated: September 23, 2003
Not Affected
We have not received a statement from the vendor.
Updated: September 23, 2003
Not Affected
NetApp products are not vulnerable to this issue.
Updated: September 24, 2003
Not Affected
This doesn’t affect Openwall GNU/*/Linux, – we haven’t updated to a version of OpenSSH/portable with the newer FreeBSD-derived PAM code.
Updated: September 23, 2003
Not Affected
Since we do not support the PAM authentication this issue does not apply to our server.
Updated: September 23, 2003
Not Affected
Red Hat Linux and Red Hat Enterprise Linux contain versions of OpenSSH prior to version 3.7 and are therefore not vulnerable to these issues.
Updated: September 23, 2003
Not Affected
We have not received a statement from the vendor.
Updated: September 24, 2003
Not Affected
Sun is not vulnerable to this. We have never shipped with this release.
Updated: September 24, 2003
Not Affected
WatchGuard Products are not vulnerable to this issue.
Updated: September 23, 2003
Unknown
We have not received a statement from the vendor.
Updated: September 23, 2003
Unknown
IBM eServer Platform Response
For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to
https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=3D
In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to and follow the steps for registration.
All questions should be referred to [email protected].
Thanks to Petri Heinonen and the OUSPG Team for reporting this vulnerability.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2003-0786 |
---|---|
Severity Metric: | 6.58 |
Date Public: | |