{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-09-24T00:00:00", "descriptions": [{"lang": "en", "value": "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-03-21T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.openssh.com/txt/sshpam.adv"}, {"name": "8677", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/8677"}, {"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/338617"}, {"name": "20030923 Portable OpenSSH 3.7.1p2 released", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/338616"}, {"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"}, {"name": "VU#602204", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/602204"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0786", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.openssh.com/txt/sshpam.adv", "refsource": "CONFIRM", "url": "http://www.openssh.com/txt/sshpam.adv"}, {"name": "8677", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8677"}, {"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/338617"}, {"name": "20030923 Portable OpenSSH 3.7.1p2 released", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/338616"}, {"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"}, {"name": "VU#602204", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/602204"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:05:12.644Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openssh.com/txt/sshpam.adv"}, {"name": "8677", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/8677"}, {"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/338617"}, {"name": "20030923 Portable OpenSSH 3.7.1p2 released", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/338616"}, {"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"}, {"name": "VU#602204", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/602204"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0786", "datePublished": "2003-09-25T04:00:00", "dateReserved": "2003-09-17T00:00:00", "dateUpdated": "2024-08-08T02:05:12.644Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges."}, {"lang": "es", "value": "La atentificaci\u00f3n desaf\u00edo-respuesta SSH1 PAM en OpenSSH 3.7.1 y 3.7.1p1, cuando la separaci\u00f3n de privilegios est\u00e1 desactivada, no comprueba el resultado del intento de autenticaci\u00f3n, lo que puede permitir a atacantes remotos ganar privilegios."}], "id": "CVE-2003-0786", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-11-17T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/602204"}, {"source": "cve@mitre.org", "url": "http://www.openssh.com/txt/sshpam.adv"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/338616"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/338617"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/8677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/602204"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openssh.com/txt/sshpam.adv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/338616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/338617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/8677"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}