PT-2001-1065 · Openssh+1 · Openssh+1

Published

2001-12-03

Updated

2024-07-08

CVE-2001-0816

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions openssh-server versions 2.9p2 through 2.9.8 openssh-clients version 2.9p2 openssh version 2.9p2 openssh-askpass-gnome version 2.9p2 openssh-askpass version 2.9p2

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. According to the NVD, OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized keys2 command= restrictions using sftp commands.

Recommendations For openssh-server versions 2.9p2 through 2.9.8, update to version 2.9.9 or later. For openssh-clients version 2.9p2, update to version 2.9.9 or later. For openssh version 2.9p2, update to version 2.9.9 or later. For openssh-askpass-gnome version 2.9p2, update to version 2.9.9 or later. For openssh-askpass version 2.9p2, update to version 2.9.9 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2024-3921

ALT-PU-2024-4077

ALT-PU-2024-4467

ALT-PU-2024-9513

BDU:2015-08183

BDU:2015-08186

BDU:2015-08189

BDU:2015-08192

BDU:2015-08195

CVE-2001-0816

Affected Products

Alt Linux

Openssh

PT-2001-1065 · Openssh+1 · Openssh+1

CVE-2001-0816

Related Identifiers

Affected Products

References · 357