ID | CVE-2003-0786
Summary |
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges. |
CVSS |
Base: | 10.0 (as of 10-09-2008 - 19:20) |
Impact: | |
Exploitability: | |
|
CWE | NVD-CWE-Other
CAPEC |
|
Access
Vector | Complexity | Authentication
NETWORK | LOW | NONE
|
Impact
Confidentiality | Integrity | Availability
COMPLETE | COMPLETE | COMPLETE
|
cvss-vector via4 | AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid | 8677
bugtraq | 20030923 Multiple PAM vulnerabilities in portable OpenSSH
bugtraq | 20030923 Portable OpenSSH 3.7.1p2 released
cert-vn | VU#602204
confirm | http://www.openssh.com/txt/sshpam.adv
fulldisc | 20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)
Last major update | 10-09-2008 - 19:20
Published | 17-11-2003 - 05:00
Last modified | 10-09-2008 - 19:20