CVE-2003-0786

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2003-0786

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2003-0786.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2003-0786

Published

2003-11-17T05:00:00Z

Modified

2024-11-20T23:45:31Z

Summary

[none]

Details

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.

References

Affected packages

Debian:11 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.7.1p2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.7.1p2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.7.1p2

Ecosystem specific

{
    "urgency": "not yet assigned"
}