CVE-2003-0786 Information

Description

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1 when Privilege Separation is disabled does not check the result of the authentication attempt which can allow remote attackers to gain privileges.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html http://www.kb.cert.org/vuls/id/602204 http://www.openssh.com/txt/sshpam.adv http://www.securityfocus.com/archive/1/338616 http://www.securityfocus.com/archive/1/338617 http://www.securityfocus.com/bid/8677