CVE-2001-0872

OpenSSH <3.0.1 - Privilege Escalation

Title source: llm

Description

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

References (14)

Core 14

Core References

Various Sources vendor-advisory x_refsource_mandrake

http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092

Various Sources vendor-advisory x_refsource_hp

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/7647

Various Sources vendor-advisory x_refsource_caldera

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/688

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2001/dsa-091

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=100749779131514&w=2

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/157447

Patch, Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2001-161.html

Mailing List x_refsource_confirm

http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3614

Patch, Vendor Advisory vendor-advisory x_refsource_suse

http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446

Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac

http://www.ciac.org/ciac/bulletins/m-026.shtml

Scores

EPSS 0.0018

EPSS Percentile 39.1%

Details

Status published

Products (9)

openbsd/openssh < 3.0.1

redhat/linux 7.0

redhat/linux 7.1

redhat/linux 7.2

suse/suse_linux 6.4

suse/suse_linux 7.0

suse/suse_linux 7.1

suse/suse_linux 7.2

suse/suse_linux 7.3

Published Dec 21, 2001

Tracked Since Feb 18, 2026