OpenSSH UseLogin Environment Variable Passing Vulnerability

Bugtraq ID: 3614
Class: Input Validation Error
CVE:
Remote: No
Local: Yes
Published: Dec 04 2001 12:00AM
Updated: Dec 04 2001 12:00AM
Credit: This vulnerability was announced in a post to the OpenBSD Security List.
Vulnerable: OpenBSD OpenSSH 3.0.1 p1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenBSD OpenSSH 3.0.1
+ FreeBSD FreeBSD 4.4
+ FreeBSD FreeBSD 4.3
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
OpenBSD OpenSSH 3.0 p1
OpenBSD OpenSSH 3.0
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
OpenBSD OpenSSH 2.9 p2
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Caldera OpenLinux Workstation 3.1
+ HP Secure OS software for Linux 1.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 alpha
OpenBSD OpenSSH 2.9 p1
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- HP HP-UX 11.11
- IBM AIX 4.3.3
- MandrakeSoft Corporate Server 1.0.1
- MandrakeSoft Single Network Firewall 7.2
- Mandriva Linux Mandrake 8.1 ia64
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Red Hat Linux 6.2
- RedHat Linux 7.1
- RedHat Linux 7.0
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
OpenBSD OpenSSH 2.9
+ FreeBSD FreeBSD 4.4
+ OpenBSD OpenBSD 2.9
OpenBSD OpenSSH 2.5.2 p2
+ RedHat Linux 7.0
OpenBSD OpenSSH 2.5.2
OpenBSD OpenSSH 2.3.1 p1
OpenBSD OpenSSH 2.3.1
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
OpenBSD OpenSSH 2.1.1 p1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenBSD OpenSSH 2.1.1
OpenBSD OpenSSH 1.2.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
Not Vulnerable: OpenBSD OpenSSH 3.0.2 p1
OpenBSD OpenSSH 3.0.2


 

Privacy Statement
Copyright 2010, SecurityFocus