CVE-2001-0872 — Openssh vulnerability

5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 60.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Redhat Linux Suse Linux

Timeline

PublishedDec 21

Latest updateMay 3

Description

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDopenbsd/openssh3.0.1

▶NVDredhat/linux7.0, 7.1, 7.2+2

▶NVDsuse/suse_linux5 versions+4

Patches

Patch: lists.suse.com ↗Patch: www.redhat.com ↗Patch: lists.suse.com ↗

🔴Vulnerability Details

GHSA

GHSA-65cx-7mf4-2jgg: OpenSSH 3↗2022-05-03

▶

CVEList

CVE-2001-0872: OpenSSH 3↗2002-06-25

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-12-04

▶

💬Community

Bugzilla

CVE-2001-0872 security flaw↗2018-08-16

▶