CVE-2001-1459
published 2001-06-19

CVE-2001-1459: OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to…

Priority P427 high, 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS 2.16% (79.9th percentile)
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:3.0.1p1-1 (bookworm) | openssh 1:3.0.1p1-1 (bookworm) |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | | |
| openbsd | openssh | >= 0 < 1:3.0.1p1-1 | 1:3.0.1p1-1 |
| openbsd | openssh | >= 0 < 1:3.0.1p1-1 | 1:3.0.1p1-1 |
| openbsd | openssh | >= 0 < 1:3.0.1p1-1 | 1:3.0.1p1-1 |
| openbsd | openssh | >= 0 < 1:3.0.1p1-1 | 1:3.0.1p1-1 |

CVSS provenance

nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
osv: 7.5 HIGH
vendor_debian: 7.5 HIGH