Lucene search
MitreCVE-2003-0786HistoryNov 17, 2003 - 5:00 a.m.
CVE-2003-0786
2003-11-1705:00:00
mitre
web.nvd.nist.gov
255
cve-2003-0786
ssh1
openssh
privilege separation
authentication
remote attack
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
9.8
Confidence
High
EPSS
0.025
Percentile
90.2%
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
Affected configurations
Node
openbsdopensshMatch3.7.1
ORopenbsdopensshMatch3.7.1p1
Related
nvd
nvd
CVE-2003-0786
2003-11-17 05:00:00
cert
cert
OpenSSH PAM challenge authentication failure
2003-09-23 00:00:00
OpenSSH contains buffer management errors
2003-09-16 00:00:00
debiancve
debiancve
CVE-2003-0786
2003-11-17 05:00:00
cvelist
cvelist
CVE-2003-0786
2003-09-25 04:00:00
nessus
nessus
OpenSSH < 3.7.1p2 Multiple Remote Vulnerabilities
2003-09-23 00:00:00
SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure
2011-08-29 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
9.8
Confidence
High
EPSS
0.025
Percentile
90.2%
Related for CVE-2003-0786