Family: Debian Local Security Checks --> Category: infos
[DSA091] DSA-091-1 ssh Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
If the UseLogin feature is enabled in ssh local users could
pass environment variables (including variables like LD_PRELOAD)
to the login process. This has been fixed by not copying the
environment if UseLogin is enabled.
Please note that the default configuration for Debian does not
have UseLogin enabled.
This has been fixed in version 1:1.2.3-9.4.
Solution : http://www.debian.org/security/2001/dsa-091
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.