Test ID: 1.3.6.1.4.1.25623.1.0.10823
Category: Gain a shell remotely
Title: OpenSSH < 3.0.2 'UseLogin Environment Variables' RCE Vulnerability
Summary: OpenSSH is prone to a remote code execution (RCE) vulnerability.
Description:
Summary:
OpenSSH is prone to a remote code execution (RCE)
vulnerability.

Vulnerability Insight:
Versions prior to 3.0.2 are vulnerable to an environment
variable export that can allow a local user to execute commands with root privileges.

Affected Software/OS:
This problem affects only versions prior to 3.0.2, and only when
the UseLogin feature is enabled (usually disabled by default).

Solution:
Update to version 3.0.2 or later.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2001-0872
BugTraq ID: 3614
http://www.securityfocus.com/bid/3614
Bugtraq: 20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
http://marc.info/?l=bugtraq&m=100749779131514&w=2
Bugtraq: 20011220 TSL-2001-0030 - openssh (updated)
Caldera Security Advisory: CSSA-2001-042.1
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt
CERT/CC vulnerability note: VU#157447
http://www.kb.cert.org/vuls/id/157447
Computer Incident Advisory Center Bulletin: M-026
http://www.ciac.org/ciac/bulletins/m-026.shtml
Conectiva Linux advisory: CLA-2001:446
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446
Debian Security Information: DSA-091
http://www.debian.org/security/2001/dsa-091
FreeBSD Security Advisory: FreeBSD-SA-01:63
HP Security Advisory: HPSBUX0112-005
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092
http://www.osvdb.org/688
http://www.redhat.com/support/errata/RHSA-2001-161.html
SuSE Security Announcement: SuSE-SA:2001:045
http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html
TurboLinux Advisory: TLSA2002001
XForce ISS Database: openssh-uselogin-execute-code(7647)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7647
Copyright: Copyright (C) 2005 by EMAZE Networks S.p.A.

© 1998-2025 E-Soft Inc. All rights reserved.