Lucene search
Copyright (C) 2005 by EMAZE Networks S.p.A.OPENVAS:136141256231010823HistoryNov 03, 2005 - 12:00 a.m.
OpenSSH < 3.0.2 'UseLogin Environment Variables' RCE Vulnerability
2005-11-0300:00:00
Copyright (C) 2005 by EMAZE Networks S.p.A.
plugins.openvas.org
25
7.3 High
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
76.1%
OpenSSH is prone to a remote code execution (RCE)
vulnerability.
# SPDX-FileCopyrightText: 2005 by EMAZE Networks S.p.A.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:openbsd:openssh";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.10823");
script_version("2023-08-03T05:05:16+0000");
script_cve_id("CVE-2001-0872");
script_tag(name:"last_modification", value:"2023-08-03 05:05:16 +0000 (Thu, 03 Aug 2023)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_name("OpenSSH < 3.0.2 'UseLogin Environment Variables' RCE Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2005 by EMAZE Networks S.p.A.");
script_family("Gain a shell remotely");
script_dependencies("gb_openssh_consolidation.nasl");
script_mandatory_keys("openssh/detected");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/3614");
script_tag(name:"summary", value:"OpenSSH is prone to a remote code execution (RCE)
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Versions prior than 3.0.2 are vulnerable to an environment
variables export that can allow a local user to execute command with root privileges.");
script_tag(name:"affected", value:"This problem affect only versions prior than 3.0.2, and when
the UseLogin feature is enabled (usually disabled by default).");
script_tag(name:"solution", value:"Update to version 3.0.2 or later.");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
vers = infos["version"];
path = infos["location"];
if( version_is_less( version:vers, test_version:"3.0.2" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"3.0.2", install_path:path );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );
References
Related
openvas
openvas
Debian Security Advisory DSA 091-1 (ssh)
2008-01-17 00:00:00
OpenSSH UseLogin Environment Variables
2005-11-03 00:00:00
Debian Security Advisory DSA 091-1 (ssh)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-091-1 : ssh - influencing login
2004-09-29 00:00:00
Mandrake Linux Security Advisory : openssh (MDKSA-2001:092)
2004-07-31 00:00:00
OpenSSH < 3.0.2 Multiple Vulnerabilities
2001-12-10 00:00:00
cve
cve
CVE-2001-0872
2001-12-21 05:00:00
7.3 High
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
76.1%
Related for OPENVAS:136141256231010823