Vulnerability Note VU#209807
Portable OpenSSH server PAM conversion stack corruption
There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM conversion stack.
The Portable OpenSSH server contains a vulnerability that may permit an attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that the OpenBSD-specific releases are not affected by this issue.
The complete impact of this vulnerability is not yet known, but it may lead to privilege escalation or a denial of service.
OpenSSH has announced version 3.7.1p2 to resolve this issue.
This issue can be mitigated by not using PAM. Set "UsePAM no" in sshd_config.
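A host check for the affected versions and the workaround above, as an added example that is not part of the original note or of OpenSSH's own tooling. It takes a version banner and an sshd_config path supplied by the operator; the function names and verdict labels are hypothetical, and a missing UsePAM line is reported separately because the note does not state the compiled-in default.

```shell
#!/bin/sh
# Added example: triage one host against VU#209807 (names are hypothetical).

# Exit 0 if the banner/version string names an affected release.
# Affected per the note: 3.7p1 and 3.7.1p1 (3.7.1p2 is the fix).
is_affected_version() {
    ver=${1##*OpenSSH_}      # drop "SSH-2.0-OpenSSH_" or similar prefix
    ver=${ver%%[ ,]*}        # drop trailing vendor text
    case "$ver" in
        3.7p1|3.7.1p1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the first UsePAM value in the file (sshd uses the first value it
# reads for a keyword), lower-cased, or "unset" if there is none.
effective_usepam() {
    awk '
        { sub(/=/, " ") }                  # "Keyword=value" form
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
        tolower($1) == "usepam" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Combine both checks into one verdict string.
triage() {
    if ! is_affected_version "$1"; then echo "not-affected"; return 0; fi
    case "$(effective_usepam "$2")" in
        no)  echo "affected-mitigated" ;;       # workaround in place
        yes) echo "affected-pam-enabled" ;;
        *)   echo "affected-usepam-not-set" ;;  # build default decides
    esac
}

if [ "$#" -eq 2 ]; then
    triage "$1" "$2"
else
    # Constructed sample input, for demonstration only.
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' 'Port 22' 'UsePAM yes' > "$sample"
    triage "SSH-2.0-OpenSSH_3.7.1p1" "$sample"
    rm -f "$sample"
fi
```

A commented-out `#UsePAM no` line does not count as the workaround; only an active directive does.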
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|OpenSSH|Affected|-|24 Sep 2003|
Thanks to OpenSSH for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: CAN-2003-0787
- Date Public: 23 Sep 2003
- Date First Published: 24 Sep 2003
- Date Last Updated: 24 Sep 2003
- Severity Metric: 1.50
- Document Revision: 2