CVE-2001-0872

Name of the Vulnerable Software and Affected Versions OpenSSH versions 3.0.1 and earlier openssh-server-2.9p2 openssh-clients-2.9p2 openssh-2.9p2 openssh-askpass-2.9p2 openssh-askpass-gnome-2.9p2 ssh-askpass-ptk

Description The issue concerns multiple vulnerabilities in OpenSSH and related packages, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD PRELOAD, allowing local users to gain root privileges.

Recommendations For OpenSSH versions 3.0.1 and earlier, consider disabling the UseLogin feature until a patch is available. For openssh-server-2.9p2, openssh-clients-2.9p2, openssh-2.9p2, openssh-askpass-2.9p2, and openssh-askpass-gnome-2.9p2, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ssh-askpass-ptk, at the moment, there is no information about a newer version that contains a fix for this vulnerability.