OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssh | Openbsd | 2.1.1 | 2.1.1 |
Openssh | Openbsd | 2.5.1 | 2.5.1 |
Openssh | Openbsd | 2.2 | 2.2 |
Openssh | Openbsd | 2.1 | 2.1 |
Openssh | Openbsd | 2.9 | 2.9 |
Openssh | Openbsd | 2.5.2 | 2.5.2 |
Openssh | Openbsd | 2.3 | 2.3 |
Openssh | Openbsd | 2.5 | 2.5 |