Rapid7 Vulnerability & Exploit Database

OpenSSH UseLogin SetUID Vulnerability

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/08/2000
Created: 07/25/2018
Added: 11/01/2004
Modified: 11/09/2017

Description

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

Solution(s)

  • openbsd-openssh-upgrade-2_1_1
