CyberSec.Space Logo
返回 CVE 浏览器

CVE-2003-0786

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile41.73th
Published2003年11月17日
Last Modified2026年4月16日

Vulnerability Description

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.

Affected Platforms (CPE)

📦
Openbsd

Openssh

= 3.7.1
📦
Openbsd

Openssh

= 3.7.1p1

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
🔗 http://www.kb.cert.org/vuls/id/602204
🔗 http://www.openssh.com/txt/sshpam.adv
🔗 http://www.securityfocus.com/archive/1/338616
🔗 http://www.securityfocus.com/archive/1/338617
🔗 http://www.securityfocus.com/bid/8677
🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
🔗 http://www.kb.cert.org/vuls/id/602204

相关漏洞威胁

CVE-2002-064010.0

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of re...

CVE-1999-066110.0

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP...

CVE-2000-052510.0

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary comma...

CVE-2003-069310.0

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitr...