CVE-2003-0786
First published: Thu Sep 25 2003(Updated: )
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSH | =3.7.1p1 | |
| OpenSSH | =3.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-0786?
CVE-2003-0786 is considered a critical vulnerability due to its potential to allow remote attackers to gain elevated privileges.
How do I fix CVE-2003-0786?
The recommended fix for CVE-2003-0786 is to upgrade to a patched version of OpenSSH where Privilege Separation is enabled.
What versions of OpenSSH are affected by CVE-2003-0786?
OpenSSH versions 3.7.1 and 3.7.1p1 are affected by CVE-2003-0786.
Can CVE-2003-0786 result in unauthorized access?
Yes, CVE-2003-0786 can lead to unauthorized access as it allows remote attackers to gain privileges.
Is CVE-2003-0786 related to authentication methods in OpenSSH?
Yes, CVE-2003-0786 specifically involves the SSH1 PAM challenge response authentication method in OpenSSH.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/openbsd
- canonical/openssh
- version/openssh/3.7.1p1
- version/openssh/3.7.1