45 matches found

OSV
added 2016/05/01 1:59 a.m., 36 views

CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVSS 7.8 | AI score 5.2 | EPSS 0.00627
Exploits: 0 | References: 12

Cvelist
added 2016/05/01 12:0 a.m., 52 views

CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

AI score 7.6 | EPSS 0.00627
Exploits: 0 | References: 12

CVE
added 2016/05/01 12:0 a.m., 2029 views

CVE-2015-8325

CVE-2015-8325 affects OpenSSH sshd where, with UseLogin enabled and PAM reading user .pam_environment files, a local user can trigger a crafted environment for /bin/login (e.g., via LD_PRELOAD) to gain privileges. Affected context in the provided connected documents centers on OpenSSH scenarios in v...

CVSS 7.8 | AI score 7.5 | EPSS 0.00627
Exploits: 0 | References: 12 | Affected Software: 1

Debian CVE
added 2016/05/01 12:0 a.m., 30 views

CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVSS 7.8 | AI score 8 | EPSS 0.00627
Exploits: 0

UbuntuCve
added 2016/04/30 12:0 a.m., 44 views

CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVSS 7.8 | AI score 7.1 | EPSS 0.00627
Exploits: 0 | References: 2

OSV
added 2016/04/30 12:0 a.m., 3 views

UBUNTU-CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVSS 7.8 | AI score 7.3 | EPSS 0.00627
Exploits: 0 | References: 3

OpenVAS
added 2016/04/15 12:0 a.m., 40 views

Debian Security Advisory DSA 3550-1 (openssh - security update)

Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user-specified environment variables and the UseLogin option is enabled, a local user may escalate her privileges to root. In Debian UseLogin is not enabled by defaul...

CVSS 7.2 | AI score 0.7 | EPSS 0.00627
Exploits: 0 | References: 1

OSV
added 2016/04/15 12:0 a.m., 36 views

DSA-3550-1 openssh - security update

Bulletin has no description...

CVSS 7.8 | AI score 7.7 | EPSS 0.00627
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 29 views

Debian Security Advisory DSA 091-1 (ssh)

The remote host is missing an update to ssh announced via advisory DSA 091-1. OpenVAS Vulnerability Test $Id: deb0911.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 091-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS 7.2 | AI score 0.1 | EPSS 0.00871
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m., 42 views

OpenSSH < 3.0.2 'UseLogin Environment Variables' RCE Vulnerability

OpenSSH is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2005 by EMAZE Networks S.p.A. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.2 | AI score 7.3 | EPSS 0.00871
Exploits: 0 | References: 1

Tenable Nessus
added 2004/08/20 12:0 a.m., 22 views

OpenSSH < 2.1.1 UseLogin Local Privilege Escalation

Binary data 1991.prm...

CVSS 10 | AI score 7.3 | EPSS 0.02626
Exploits: 0 | References: 1

Tenable Nessus
added 2004/08/20 12:0 a.m., 21 views

OpenSSH < 3.0.2 UseLogin Environment Variable Local Command Execution

Binary data 1992.prm...

CVSS 7.2 | AI score 7.3 | EPSS 0.00871
Exploits: 0 | References: 1

CVE
added 2002/06/25 4:0 a.m., 130 views

CVE-2001-0872

Technical details for CVE-2001-0872 are not provided in the connected documents. The initial description notes OpenSSH 3.0.1 with UseLogin and LD_PRELOAD cleansing issue. Monitor for updates.

CVSS 7.2 | AI score 9.1 | EPSS 0.00871
Exploits: 0 | References: 14 | Affected Software: 1

Packet Storm
added 2001/12/09 12:0 a.m., 49 views

UseLogin.txt

-- OpenSSH UseLogin bug proof of concept exploit -- by WaR / http://www.genhex.org -- Intro -- I was very curious in finding out how to exploit this problem. Although I don't think anyone uses this feature, I looked into the matter anyway. Here it goes. It was tested on the following platforms: -...

AI score 7.4
Exploits: 0

Debian
added 2001/12/05 2:33 p.m., 11 views

[SECURITY] [DSA-091-1] OpenSSH UseLogin vulnerability

Package : ssh Problem type : influencing login Debian-specific: no If the UseLogin feature is enabled in ssh, local users could pass environment variables (including variables like LD_PRELOAD) to the login process. This has been fixed by not copying the environment if UseLogin is enabled. Please...

AI score 5.8
Exploits: 0

CERT
added 2001/12/04 12:0 a.m., 29 views

OpenSSH UseLogin directive permits privilege escalation

Overview OpenSSH is an implementation of the Secure Shell protocol. When OpenSSH is configured with the UseLogin directive equal to "yes", an intruder can execute arbitrary code with the privileges of OpenSSH, usually root. Description OpenSSH contains a vulnerability that permits an intruder to...

AI score 7.5
Exploits: 0 | References: 3

FreeBSD Advisory
added 2001/12/02 12:0 a.m., 5 views

FreeBSD-SA-01:63.openssh

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:63 Security Advisory FreeBSD, Inc. Topic: OpenSSH UseLogin directive permits privilege escalation REVISED Category: core/ports Module: openssh Announced: 2001-12-02...

AI score 6.2
Exploits: 0

CERT
added 2001/11/05 12:0 a.m., 27 views

OpenSSH UseLogin option allows remote execution of commands as root

Overview Versions of OpenSSH prior to 2.1.1 (current circa June, 2000) allow a remote attacker to execute arbitrary commands with the privileges of sshd, typically root. Description OpenSSH is a free implementation of versions 1 and 2 of the SSH protocol. If sshd is configured with the UseLogin...

CVSS 10 | AI score 9.8 | EPSS 0.02626
Exploits: 0 | References: 6

Positive Technologies
added 2001/04/17 12:0 a.m., 11 views

PT-2001-1001 · Openssh +1 · Openssh-Askpass-Gnome +5

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 3.0.1 and earlier openssh-server-2.9p2 openssh-clients-2.9p2 openssh-2.9p2 openssh-askpass-2.9p2 openssh-askpass-gnome-2.9p2 ssh-askpass-ptk Description: The issue concerns multiple vulnerabilities in OpenSSH and related...

CVSS 10 | AI score 8.2 | EPSS 0.99506
Exploits: 207 | References: 350

Cvelist
added 2000/10/13 4:0 a.m., 26 views

CVE-2000-0525

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon...

AI score 9.4 | EPSS 0.02626
Exploits: 0 | References: 5