OpenSSH UseLogin Environment Variable Passing Vulnerability

Bugtraq ID: 3614
Class: Input Validation Error
CVE:
Remote: No
Local: Yes
Published: Dec 04 2001 12:00AM
Updated: Dec 04 2001 12:00AM
Credit: This vulnerability was announced in a post to the OpenBSD Security List.
Vulnerable: OpenBSD OpenSSH 3.0.1 p1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenBSD OpenSSH 3.0.1
+ FreeBSD FreeBSD 4.4
+ FreeBSD FreeBSD 4.3
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
OpenBSD OpenSSH 3.0 p1
OpenBSD OpenSSH 3.0
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
OpenBSD OpenSSH 2.9 p2
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Caldera OpenLinux Workstation 3.1
+ HP Secure OS software for Linux 1.0
+ HP Secure OS software for Linux 1.0
+ Redhat Linux 7.2 i386
 + Redhat Linux 7.1 ia64
 + Redhat Linux 7.1 ia64
 + Redhat Linux 7.1 i386
 + Redhat Linux 7.1 i386
 + Redhat Linux 7.1 alpha
 + Redhat Linux 7.1 alpha
 + Redhat Linux 7.0 i386
 + Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Redhat Linux 7.0 alpha
 OpenBSD OpenSSH 2.9 p1
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- HP HP-UX 11.11
- IBM AIX 4.3.3
- MandrakeSoft Corporate Server 1.0.1
- MandrakeSoft Single Network Firewall 7.2
- Mandriva Linux Mandrake 8.1 ia64
 - Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
 - Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Redhat Linux 7.1
- Redhat Linux 7.0
- Redhat Linux 6.2
 - SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- Sun Solaris 8_sparc
 - Sun Solaris 7.0
 - Sun Solaris 2.6
 - SuSE Linux 7.1
- SuSE Linux 7.0
OpenBSD OpenSSH 2.9
+ FreeBSD FreeBSD 4.4
+ OpenBSD OpenBSD 2.9
OpenBSD OpenSSH 2.5.2 p2
+ Redhat Linux 7.0
OpenBSD OpenSSH 2.5.2
OpenBSD OpenSSH 2.3.1 p1
OpenBSD OpenSSH 2.3.1
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
OpenBSD OpenSSH 2.1.1 p1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenBSD OpenSSH 2.1.1
OpenBSD OpenSSH 1.2.3
+ Debian Linux 2.2 sparc
 + Debian Linux 2.2 powerpc
 + Debian Linux 2.2 arm
 + Debian Linux 2.2 alpha
 + Debian Linux 2.2 68k
 + Debian Linux 2.2
Not Vulnerable: OpenBSD OpenSSH 3.0.2 p1
OpenBSD OpenSSH 3.0.2


 

Privacy Statement
Copyright 2010, SecurityFocus