| VID |
14026 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
Ssh |
| Detailed Description |
The version of OpenSSH is older than 2.1.1. If the UseLogin option is enabled, sshd could allow authenticated users to execute commands with elevated privileges. When UseLogin is enabled, the OpenSSH server uses the login(1) program to switch the uid to that of the user. However, when a remote user executes a command through ssh, the uid is not changed to that of the user, and the command executes with the uid of sshd (usually root). Default installations of SSH are not vulnerable, because UseLogin is disabled by default.
** Note that secuiSCAN could not determine whether the UseLogin option was activated or not, so this message may be a false alarm.
* References: http://www.securityfocus.com/bid/1334 http://www.iss.net/security_center/static/4646.php |
| Recommendation |
Upgrade to OpenSSH 2.3.2, or make sure that the UseLogin option is set to no in sshd_config. (Note: the flaw does not exist in OpenSSH 2.1.1 or later, but versions older than 2.3.0, and version 2.3.1, have several vulnerabilities.) |
| Related URL |
CVE-2000-0525 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |