OpenSSH Privilege Separation Key Signature Weakness

OpenSSH Privilege Separation Key Signature Weakness

OpenSSH is prone to a weakness that may allow attackers to authenticate without proper key signatures. This issue is due to a design error between privileged processes and their child processes.

Little is known regarding this vulnerability; more information will be added to this BID when it becomes available.

OpenSSH version 4.4 is vulnerable; other versions may also be affected.

Note that this weakness is not known to be exploitable unless other vulnerabilites are present.