Family: Gain root remotely --> Category: infos
OpenSSH UseLogin Environment Variables Vulnerability Scan
Vulnerability Scan Summary
Checks for the remote SSH version
Detailed Explanation for this Vulnerability Test
You are running a version of OpenSSH which is older than 3.0.2.
Versions prior to 3.0.2 are vulnerable to an environment variable
export that can allow a local user to execute commands with root
rights. This problem affects only versions prior to 3.0.2, and only
when the UseLogin feature is enabled (it is usually disabled by default).
Solution : Upgrade to OpenSSH 3.0.2 or apply the patch for prior
versions. (Available at: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH)
Threat Level: High (if UseLogin is enabled, and exploitable locally)
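
The scan itself only compares the version in the SSH banner. The sketch below is an added example, not the scanner's own code: it combines that banner check with a local look at sshd_config for the UseLogin condition described above. The function names, result labels, and sample banners and config text are constructed for illustration; it assumes sshd's documented behaviour that keywords are case-insensitive and the first value found for a keyword is the one used.

```python
import re

FIXED = (3, 0, 2)  # first fixed release, per the advisory text above

def openssh_version(banner):
    """Return the OpenSSH version from an SSH banner as a tuple of ints, or None."""
    m = re.search(r"OpenSSH[_-](\d+(?:\.\d+)*)", banner)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def uselogin_enabled(sshd_config_text):
    """True if the effective UseLogin value is 'yes' (first occurrence wins, default no)."""
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no setting
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "uselogin" and len(parts) == 2:
            return parts[1].split()[0].strip('"').lower() == "yes"
    return False

def assess(banner, sshd_config_text):
    """Classify a host from its banner plus the local sshd_config contents."""
    ver = openssh_version(banner)
    if ver is None:
        return "not-openssh"
    padded = (ver + (0, 0, 0))[:3]  # treat '2.9' as 2.9.0 for comparison
    if padded >= FIXED:
        return "not-affected"
    # Older than 3.0.2: exposure depends on UseLogin, as the advisory states.
    return "vulnerable" if uselogin_enabled(sshd_config_text) else "outdated-uselogin-off"

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    samples = [
        ("SSH-1.99-OpenSSH_2.9p2", "Port 22\nUseLogin yes\n"),
        ("SSH-2.0-OpenSSH_3.0.1p1", "#UseLogin yes\nPermitRootLogin no\n"),
        ("SSH-2.0-OpenSSH_3.0.2p1", "UseLogin yes\n"),
    ]
    for banner, cfg in samples:
        print(banner, "->", assess(banner, cfg))
```

A result of "outdated-uselogin-off" still calls for the upgrade given in the Solution, since the version is affected and only the configuration keeps it from being exploitable.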