Vulnerability Description
The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pam Ssh | Pam Ssh | 1.91 |
References
- http://osvdb.org/33119
- http://secunia.com/advisories/24061 (Vendor Advisory)
- http://sourceforge.net/project/shownotes.php?release_id=484376 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/22461
- http://www.vupen.com/english/advisories/2007/0524
FAQ
What is CVE-2007-0844?
CVE-2007-0844 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encrypt...
How severe is CVE-2007-0844?
CVE-2007-0844 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-0844?
Check the references section above for vendor advisories and patch information. Affected products include: Pam Ssh Pam Ssh.