10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
88.0%
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | openssh | < 1:3.7.1p2 | openssh_1:3.7.1p2_all.deb |
Debian | 11 | all | openssh | < 1:3.7.1p2 | openssh_1:3.7.1p2_all.deb |
Debian | 10 | all | openssh | < 1:3.7.1p2 | openssh_1:3.7.1p2_all.deb |
Debian | 999 | all | openssh | < 1:3.7.1p2 | openssh_1:3.7.1p2_all.deb |
Debian | 13 | all | openssh | < 1:3.7.1p2 | openssh_1:3.7.1p2_all.deb |