AI Score
Confidence
High
EPSS
Percentile
90.2%
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
www.kb.cert.org/vuls/id/602204
www.openssh.com/txt/sshpam.adv
www.securityfocus.com/archive/1/338616
www.securityfocus.com/archive/1/338617
www.securityfocus.com/bid/8677