{"vuid":"VU#40327","idnumber":"40327","name":"OpenSSH UseLogin option allows remote execution of commands as root","keywords":["openssh","UseLogin","security","vulnerability"],"overview":"Versions of OpenSSH prior to 2.1.1 (current circa June, 2000) allow a remote attacker to execute arbitrary commands with the privileges of sshd, typically root.","clean_desc":"OpenSSH is a free implementation of versions 1 and 2 of the SSH protocol. If sshd is configured with the UseLogin option, it attempts to use login(1) to authenticate the user. However, is ssh is used to execute a command, the command is run with the privileges of sshd, typically root. UseLogin is not enabled by default.","impact":"Remote attackers can run arbitrary commands as root on systems with UseLogin enabled.","resolution":"Upgrade to the latest version of OpenSSH.","workarounds":"","sysaffected":"","thanks":"Our thanks to Markus Friedl who reported this information.","author":"This document was written by Shawn V Hernan.","public":["http://www.openbsd.org/errata27.html#uselogin","http://www.securityfocus.com/bid/1334","http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-8&msg=20000609170629.A4933@folly.informatik.uni-erlangen.de","http://www.ciac.org/ciac/bulletins/k-058.shtml","http://www.securiteam.com/unixfocus/5MQ070A1QU.html","http://xforce.iss.net/alerts/vol-5_num-6.php#-openssh-uselogin-remote-exec"],"cveids":["CVE-2000-0525"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-06-16T22:18:26Z","publicdate":"2000-06-09T00:00:00Z","datefirstpublished":"2001-11-05T18:59:55Z","dateupdated":"2001-11-05T18:59:58Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"10","cam_internetinfrastructure":"10","cam_population":"7","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"15","cam_scorecurrent":"31.5","cam_scorecurrentwidelyknown":"31.5","cam_scorecurrentwidelyknownexploited":"39.375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":31.5,"vulnote":null}