CVE-2003-0786

{"id": "CVE-2003-0786", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-11-17T05:00:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/602204", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.openssh.com/txt/sshpam.adv", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/338616", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/338617", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/8677", "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/602204", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openssh.com/txt/sshpam.adv", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/338616", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/338617", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/8677", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges."}, {"lang": "es", "value": "La atentificaci\u00f3n desaf\u00edo-respuesta SSH1 PAM en OpenSSH 3.7.1 y 3.7.1p1, cuando la separaci\u00f3n de privilegios est\u00e1 desactivada, no comprueba el resultado del intento de autenticaci\u00f3n, lo que puede permitir a atacantes remotos ganar privilegios."}], "lastModified": "2024-11-20T23:45:31.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC"}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}