There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM conversion stack.
The Portable OpenSSH server contains a vulnerability that may permit an attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that the OpenBSD-specific releases are not affected by this issue.
The complete impact of this vulnerability is not yet known, but may lead to privilege escalation, or a denial of service.
OpenSSH has announced version 3.7.1p2 to resolve this issue.
This issue can be mitigated by not using PAM. Set "UsePAM no" in sshd_config.
Thanks to OpenSSH for reporting this vulnerability.
|Date First Published:||2003-09-24|
|Date Last Updated:||2003-09-24 15:06 UTC|