SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure

The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. An attacker could...

Debian DSA-091-1 : ssh - influencing login

If the UseLogin feature is enabled in ssh local users could pass environment variables including variables like LDPRELOAD to the login process. This has been fixed by not copying the environment if UseLogin is enabled. Please note that the default configuration for Debian does not have UseLogin...

CVE-2001-0872

Technical details for CVE-2001-0872 are not provided in the connected documents. The initial description notes OpenSSH 3.0.1 with UseLogin and LD_PRELOAD cleansing issue. Monitor for updates.

CVE-2001-0872

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LDPRELOAD, which allows local users to gain root privileges...