Nexpose Vulnerability Database
SSH Inc. getlogin() Spoofing Privilege Escalation Vulnerability
| Critical (8) | 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Nov 25, 2002 | Nov 1, 2004 | Sep 16, 2010 |
Due to a flaw in the process grouping logic, certain versions of SSH Inc. Secure Shell may allow a local attacker to spoof the result of the 'getlogin()' system call. This allows the attacker to insert SSH syslog entries that are logged as coming from the root account; local attackers may also be able to elevate privileges.
Upgrade to SSH Secure Shell v3.2.2
Download and apply the upgrade from: ftp://ftp.ssh.com/pub/ssh/old/ssh-3.2.2.tar.gz
Upgrade to SSH v3.2.2 or later. See the SSH website for download information.