Openssh · Openssh · CVE-2003-0786
Name of the Vulnerable Software and Affected Versions:
OpenSSH versions 3.7.1 through 3.7.1p1
Description:
The issue concerns the SSH1 PAM challenge response authentication mechanism in OpenSSH. When Privilege Separation is disabled, the authentication attempt result is not properly checked, potentially allowing remote attackers to gain privileges.
Recommendations:
For OpenSSH versions 3.7.1 through 3.7.1p1, consider enabling Privilege Separation to mitigate the risk of exploitation. As a temporary workaround, restrict access to the SSH1 PAM challenge response authentication mechanism until a patch is available.