CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2000-0525

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile22.32th
Published2000年6月8日
Last Modified2026年4月16日

Vulnerability Description

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

Affected Platforms (CPE)

📦
Openbsd

Openssh

= 1.2
📦
Openbsd

Openssh

= 1.2.3
📦
Openbsd

Openssh

= 2.1

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
🔗 http://www.openbsd.org/errata.html#uselogin
🔗 http://www.osvdb.org/341
🔗 http://www.securityfocus.com/bid/1334
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/4646
🔗 http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
🔗 http://www.openbsd.org/errata.html#uselogin
🔗 http://www.osvdb.org/341

相關漏洞威脅

CVE-2003-069310.0

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitr...

CVE-1999-066110.0

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP...

CVE-2002-064010.0

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of re...

CVE-2003-078610.0

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check...