CyberSec.Space Logo
Back to CVE Browser

CVE-2000-0525

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile22.32th
PublishedJun 8, 2000
Last ModifiedApr 16, 2026

Vulnerability Description

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

Affected Platforms (CPE)

πŸ“¦
Openbsd

Openssh

= 1.2
πŸ“¦
Openbsd

Openssh

= 1.2.3
πŸ“¦
Openbsd

Openssh

= 2.1

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
πŸ”— http://www.openbsd.org/errata.html#uselogin
πŸ”— http://www.osvdb.org/341
πŸ”— http://www.securityfocus.com/bid/1334
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/4646
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
πŸ”— http://www.openbsd.org/errata.html#uselogin
πŸ”— http://www.osvdb.org/341

Related Vulnerabilities

CVE-2003-069310.0

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitr...

CVE-1999-066110.0

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP...

CVE-2002-064010.0

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of re...

CVE-2003-078610.0

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check...