Vulnerability Description
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openssh | 3.7.1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
- http://www.kb.cert.org/vuls/id/602204US Government Resource
- http://www.openssh.com/txt/sshpam.adv
- http://www.securityfocus.com/archive/1/338616
- http://www.securityfocus.com/archive/1/338617
- http://www.securityfocus.com/bid/8677
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
- http://www.kb.cert.org/vuls/id/602204US Government Resource
- http://www.openssh.com/txt/sshpam.adv
- http://www.securityfocus.com/archive/1/338616
- http://www.securityfocus.com/archive/1/338617
- http://www.securityfocus.com/bid/8677
FAQ
What is CVE-2003-0786?
CVE-2003-0786 is a vulnerability with a CVSS score of 10.0 (HIGH). The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote atta...
How severe is CVE-2003-0786?
CVE-2003-0786 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0786?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh.