CVE-2000-0525Openssh vulnerability

4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
0.7%
top 27.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openbsd Openssh
Timeline
PublishedJun 8
Latest updateApr 30

Description

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDopenbsd/openssh1.2, 1.2.3, 2.1+2

🔴Vulnerability Details

3
GHSA
GHSA-hrrj-9rqm-m5rx: OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the2022-04-30
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files2018-08-23
CVEList
CVE-2000-0525: OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the2000-10-13
CVE-2000-0525 — Openbsd Openssh vulnerability | cvebase