CVE-2001-1459Openssh vulnerability

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openbsd Openssh
Timeline
PublishedJun 19
Latest updateApr 30

Description

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debianopenbsd/openssh< 1:3.0.1p1-1+3
NVDopenbsd/openssh8 versions+7

🔴Vulnerability Details

3
GHSA
GHSA-m88g-p7vr-7qr7: OpenSSH 22022-04-30
CVEList
CVE-2001-1459: OpenSSH 22005-04-21
OSV
CVE-2001-1459: OpenSSH 22001-06-19

📋Vendor Advisories

1
Debian
CVE-2001-1459: openssh - OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM...2001
CVE-2001-1459 — Openbsd Openssh vulnerability | cvebase