SSH Inc. getlogin() Spoofing Privilege Escalation Vulnerability
|7||(AV:L/AC:L/Au:N/C:C/I:C/A:C)||November 25, 2002||November 01, 2004||July 12, 2012|
Due to a flaw in the process grouping logic, certain versions of SSH Inc. Secure Shell may allow a local attacker to spoof the result of the 'getlogin()' system call. This vulnerability allows SSH syslog entries to be inserted so that they are logged as coming from the root account; local attackers may also be able to elevate privileges.
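As an added illustration of the logging impact described above (not code from SSH Secure Shell or from this advisory), the following C sketch derives the identity written to a log entry from the kernel-held real UID and treats the getlogin() result only as a claim to be cross-checked. The function names uid_to_name, claim_matches_uid and log_identity are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve a UID to its account name through the passwd database.
 * Returns 0 on success, -1 if the UID has no entry or the name does not fit. */
int uid_to_name(uid_t uid, char *out, size_t outlen)
{
    struct passwd *pw = getpwuid(uid);   /* static storage: copy out at once */

    if (pw == NULL || strlen(pw->pw_name) >= outlen)
        return -1;
    strcpy(out, pw->pw_name);
    return 0;
}

/* Compare a claimed login name (for example the getlogin() result) with the
 * name the UID maps to. Returns 1 = match, 0 = mismatch, -1 = cannot verify.
 * Accounts that share one UID can produce a benign mismatch, so a 0 is a
 * signal to record, not proof of spoofing. */
int claim_matches_uid(const char *claimed, uid_t uid)
{
    char real[256];

    if (claimed == NULL || uid_to_name(uid, real, sizeof real) != 0)
        return -1;
    return strcmp(claimed, real) == 0;
}

/* Build the identity string for a log entry. The name always comes from the
 * real UID; a disagreeing getlogin() value is noted, never trusted. */
int log_identity(char *out, size_t outlen)
{
    uid_t uid = getuid();
    const char *claimed = getlogin();    /* NULL without a controlling tty */
    char real[256];
    int verdict = claim_matches_uid(claimed, uid);

    if (uid_to_name(uid, real, sizeof real) != 0)
        snprintf(real, sizeof real, "uid=%lu", (unsigned long)uid);
    snprintf(out, outlen, "%s%s", real,
             verdict == 0 ? " (getlogin mismatch)" : "");
    return verdict;
}

int main(void)
{
    char id[320];

    log_identity(id, sizeof id);
    printf("log as: %s\n", id);
    return 0;
}
```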
Upgrade to SSH Secure Shell v3.2.2
Download and apply the upgrade from: ftp://ftp.ssh.com/pub/ssh/old/ssh-3.2.2.tar.gz
Upgrade to SSH v3.2.2 or later. See the SSH website for download information.