FreeBSD-SA-00:30.openssh

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:30 Security Advisory FreeBSD, Inc. Topic: OpenSSH UseLogin directive permits remote root access Category: core Module: openssh Announced: 2000-07-05 Credits: Markus Fried...

Уязвимость USELOGIN в OpenSSH

При использовании опции USELOGIN внешяя програма логин используется для авторизации пользователя и установки корректных разрешений. В то же время при запросе пользователем сервиса без входа например rsh login не срабатывает и пользователь работает с привилегией root...

OpenSSH's UseLogin option allows remote access with root privilege.

OpenSSH's UseLogin option allows remote access with root privilege. 1. Systems affected: The default installation of OpenSSH is not vulnerable, since UseLogin defaults to 'no'. However, if UseLogin is enabled, all versions of OpenSSH prior to 2.1.1 are affected. 2. Description: If the UseLogin...

OpenSSH < 2.1.1 UseLogin Local Privilege Escalation

According to its banner, the remote host appears to be running OpenSSH version older than 2.1.1. Such versions are reportedly affected by a local privilege esclation vulnerability. If the UseLogin option is enabled, then sshd does not switch to the uid of the user logging in. Instead, sshd relies...

PT-2000-1461 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH affected versions not specified Description: The issue is related to OpenSSH not properly dropping privileges when the UseLogin option is enabled. This allows local users to execute arbitrary commands by providing the command to the s...