{"vuid":"VU#209807","idnumber":"209807","name":"Portable OpenSSH server PAM conversion stack corruption","keywords":["OpenSSH","PAM"],"overview":"There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM conversion stack.","clean_desc":"The Portable OpenSSH server contains a vulnerability that may permit an attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that the OpenBSD-specific releases are not affected by this issue.","impact":"The complete impact of this vulnerability is not yet known, but may lead to privilege escalation, or a denial of service.","resolution":"OpenSSH has announced version 3.7.1p2 to resolve this issue.","workarounds":"This issue can be mitigated by not using PAM. Set \"UsePAM no\" in sshd_config.","sysaffected":"","thanks":"Thanks to OpenSSH for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["http://marc.theaimsgroup.com/?l=openbsd-misc&m=106432248311634&w=2","http://www.openssh.com/txt/sshpam.adv"],"cveids":["CVE-2003-0787"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-09-23T21:30:21Z","publicdate":"2003-09-23T00:00:00Z","datefirstpublished":"2003-09-24T15:06:09Z","dateupdated":"2003-09-24T15:06:19Z","revision":2,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"10","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"5","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"1.5","cam_scorecurrentwidelyknown":"2.25","cam_scorecurrentwidelyknownexploited":"3.75","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.5,"vulnote":null}