Description
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/4646
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1334
Various Sources vendor-advisory
x_refsource_openbsd
http://www.openbsd.org/errata.html#uselogin
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/341
Scores
EPSS
0.0071
EPSS Percentile
72.4%
Details
Status
published
Products (3)
openbsd/openssh
1.2
openbsd/openssh
1.2.3
openbsd/openssh
2.1
Published
Jun 08, 2000
Tracked Since
Feb 18, 2026