Info

Disclosure

Dec 04, 2001

Discovery

Unknown

Dates

Exploit

Dec 04, 2001

Solution

Unknown

Description

OpenSSH contains a flaw that may allow a malicious local attacker to execute arbitrary code on the system. The issue is triggered by a vulnerability in the UseLogin configuration option. If the UseLogin option is enabled, a local attacker can set the LD_PRELOAD or LD_LIBRARY_PATH environment variable to point to a maliciously created shared library file, which would be executed with superuser privileges when the login program is executed. This flaw may lead to a loss of Confidentiality, Integrity, and/or Availability.

Classification

Location: Local Access Required
Attack Type: Input Manipulation, Misconfiguration
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Upgrade to version 3.0.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch, or by disabling UseLogin in the configuration.

Products

OpenSSH	OpenSSH	1.2.3
		2.1.0
		2.1.1
		2.2.0
		2.3.0
		2.5.0
		2.5.1
		2.5.2
		2.9
		2.9.9
		3.0
		3.0.1

References

CERT VU: 157447
CVE ID: 2001-0872 (see also: NVD)
Bugtraq ID: 3614
ISS X-Force ID: 7647
Vendor Specific Advisory URL: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:63.openssh.asc http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2
http://rhn.redhat.com/errata/RHSA-2001-161.html
http://www.debian.org/security/2001/dsa-091
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2001:092
http://www.securityfocus.com/advisories/3726
http://www.suse.de/de/security/2001_045_openssh_txt.txt
http://www.trustix.net/errata/misc/2001/TSL-2001-0030-openssh.asc.txt
CIAC Advisory: m-026

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/688