CVE-2001-0872

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2001-0872
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092
http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=100749779131514&w=2
http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2
http://www.ciac.org/ciac/bulletins/m-026.shtml
http://www.debian.org/security/2001/dsa-091
http://www.kb.cert.org/vuls/id/157447 US Government Resource
http://www.osvdb.org/688
http://www.redhat.com/support/errata/RHSA-2001-161.html Patch Vendor Advisory
http://www.securityfocus.com/bid/3614
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005
https://exchange.xforce.ibmcloud.com/vulnerabilities/7647
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092
http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=100749779131514&w=2
http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2
http://www.ciac.org/ciac/bulletins/m-026.shtml
http://www.debian.org/security/2001/dsa-091
http://www.kb.cert.org/vuls/id/157447 US Government Resource
http://www.osvdb.org/688
http://www.redhat.com/support/errata/RHSA-2001-161.html Patch Vendor Advisory
http://www.securityfocus.com/bid/3614
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005
https://exchange.xforce.ibmcloud.com/vulnerabilities/7647
Configurations

Configuration 1 (hide)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*
History

20 Nov 2024, 23:36

Type Values Removed Values Added
References () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt - () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt -
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446 - () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446 -
References () http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092 - () http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092 -
References () http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html - Patch, Vendor Advisory () http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html - Patch, Vendor Advisory
References () http://marc.info/?l=bugtraq&m=100749779131514&w=2 - () http://marc.info/?l=bugtraq&m=100749779131514&w=2 -
References () http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2 - () http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2 -
References () http://www.ciac.org/ciac/bulletins/m-026.shtml - () http://www.ciac.org/ciac/bulletins/m-026.shtml -
References () http://www.debian.org/security/2001/dsa-091 - () http://www.debian.org/security/2001/dsa-091 -
References () http://www.kb.cert.org/vuls/id/157447 - US Government Resource () http://www.kb.cert.org/vuls/id/157447 - US Government Resource
References () http://www.osvdb.org/688 - () http://www.osvdb.org/688 -
References () http://www.redhat.com/support/errata/RHSA-2001-161.html - Patch, Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2001-161.html - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/3614 - () http://www.securityfocus.com/bid/3614 -
References () http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005 - () http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/7647 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/7647 -
Information

Published : 2001-12-21 05:00

Updated : 2024-11-20 23:36

NVD link : CVE-2001-0872

Mitre link : CVE-2001-0872

CVE.ORG link : CVE-2001-0872

JSON object : View

Products Affected

redhat

  • linux

openbsd

  • openssh

suse

  • suse_linux
CWE
NVD-CWE-Other