CVE Vulnerabilities

CVE-2001-1459

Published: Jun 19, 2001 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

Affected Software

Name Vendor Start Version End Version
Openssh Openbsd 2.1 2.1
Openssh Openbsd 2.1.1 2.1.1
Openssh Openbsd 2.2 2.2
Openssh Openbsd 2.3 2.3
Openssh Openbsd 2.5 2.5
Openssh Openbsd 2.5.1 2.5.1
Openssh Openbsd 2.5.2 2.5.2
Openssh Openbsd 2.9 2.9

References