Vulnerability Name:

CVE-2000-0525 (CCN-4646)

Assigned: 2000-06-08
Published: 2000-06-08
Updated: 2017-10-10
Summary: OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-00:30
OpenSSH UseLogin directive permits remote root access

Source: BUGTRAQ
Type: UNKNOWN
20000609 OpenSSH's UseLogin option allows remote access with root privilege.

Source: CCN
Type: BugTraq Mailing List, Fri Jun 09 2000 - 10:06:30 CDT
OpenSSH's UseLogin option allows remote access with root privilege.

Source: MITRE
Type: CNA
CVE-2000-0525

Source: CCN
Type: Conectiva Linux Announcement CLSA-2000:227
"UseLogin" option allows remote execution of commands as root

Source: CCN
Type: CIAC Information Bulletin K-058
OpenSSH UseLogin Vulnerability

Source: CCN
Type: US-CERT VU#40327
OpenSSH UseLogin option allows remote execution of commands as root

Source: OPENBSD
Type: UNKNOWN
20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.

Source: CCN
Type: OpenSSH Web site
OpenSSH 2.1.1: June 8, 2000

Source: OSVDB
Type: UNKNOWN
341

Source: CCN
Type: OSVDB ID: 341
OpenSSH UseLogin Local Privilege Escalation

Source: CCN
Type: SecuriTeam Mailing List, UNIX focus 6 Oct 2000
OpenSSH UseLogin option allows remote access with root privileges

Source: BID
Type: UNKNOWN
1334

Source: CCN
Type: BID-1334
OpenSSH UseLogin Vulnerability

Source: XF
Type: UNKNOWN
openssh-uselogin-remote-exec(4646)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:openbsd:openssh:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:freebsd:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:5.0:-:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    openbsd openssh 1.2
    openbsd openssh 1.2.3
    openbsd openssh 2.1
    openbsd openssh *
    freebsd freebsd 4.0
    freebsd freebsd 5.0 -
    conectiva linux 5.0