Vulnerability Note VU#740619
SSH Secure Shell for Servers fails to remove child process from master process group
Overview
A locally exploitable privilege escalation vulnerability exists in SSH Secure Shell versions 2.0.13 - 3.2.1.
Description
Secure Shell for Servers, developed by SSH Communications Security, does not properly remove the child process from the master process group after non-interactive command execution. Quoting from the SSH Communications Security Advisory: When used in non-interactive connections, a defect in process grouping
Impact
A local attacker may be able to gain elevated privileges.
Solution
Upgrade your software. Note that both Secure Shell for Servers and Secure Shell for Workstations need to be updated to eliminate this vulnerability.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| SSH Communications Security | Affected | - | 14 May 2003 |
| Hewlett-Packard Company | Not Affected | - | 29 May 2008 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
Credit
Thanks to Logan Gabriel for reporting this vulnerability.
This document was written by Ian A Finlay.
Other Information
- CVE IDs: Unknown
- Date Public: 25 Nov 2002
- Date First Published: 25 Nov 2002
- Date Last Updated: 29 May 2008
- Severity Metric: 8.35
- Document Revision: 15