CVE-2000-0525

high

Description

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/4646

http://www.securityfocus.com/bid/1334

http://www.osvdb.org/341

http://www.openbsd.org/errata.html#uselogin

http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html

Details

Source: Mitre, NVD

Published: 2000-06-08

Updated: 2017-10-10

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics