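Vulnerability Details
OpenSSH UseLogin Environment Variable Passing Vulnerability
- CNNVD ID: CNNVD-200112-123
- Severity: High
- CVE ID: CVE-2001-0872
- Vulnerability type: Input validation
- Published: 2001-12-21
- Threat type: Local
- Updated: 2006-03-28
- Vendor: suse
- Vulnerability source: This vulnerability…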
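Vulnerability Summary
OpenSSH 3.0.1 and earlier versions contain a vulnerability. When UseLogin is enabled, the software does not properly sanitize critical environment variables such as LD_PRELOAD, and a local user can exploit this to gain root privileges.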
Vulnerability Advisory
Update available:
OpenBSD OpenSSH 1.2.3
- Debian 2.2 alpha ssh-askpass-gnome_1.2.3-9.4_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh-askpass-gnome_1.2.3-9.4_alpha.deb
- Debian 2.2 alpha ssh_1.2.3-9.4_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh_1.2.3-9.4_alpha.deb
- Debian 2.2 arm ssh-askpass-gnome_1.2.3-9.4_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/ssh-askpass-gnome_1.2.3-9.4_arm.deb
- Debian 2.2 arm ssh_1.2.3-9.4_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/ssh_1.2.3-9.4_arm.deb
- Debian 2.2 i386 ssh-askpass-gnome_1.2.3-9.4_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.4_i386.deb
- Debian 2.2 i386 ssh_1.2.3-9.4_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/ssh_1.2.3-9.4_i386.deb
- Debian 2.2 m68k ssh-askpass-gnome_1.2.3-9.4_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh-askpass-gnome_1.2.3-9.4_m68k.deb
- Debian 2.2 m68k ssh_1.2.3-9.4_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh_1.2.3-9.4_m68k.deb
- Debian 2.2 ppc ssh-askpass-gnome_1.2.3-9.4_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh-askpass-gnome_1.2.3-9.4_powerpc.deb
- Debian 2.2 ppc ssh_1.2.3-9.4_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh_1.2.3-9.4_powerpc.deb
- Debian 2.2 sparc ssh-askpass-gnome_1.2.3-9.4_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/ssh-askpass-gnome_1.2.3-9.4_sparc.deb
- Debian 2.2 sparc ssh_1.2.3-9.4_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/ssh_1.2.3-9.4_sparc.deb
OpenBSD OpenSSH 2.1.1 p1
- Trustix 1.1 i386 openssh-3.0.2p1-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.1/RPMS/openssh-3.0.2p1-2tr.i586.rpm
- Trustix 1.1 i386 openssh-clients-3.0.2p1-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.1/RPMS/openssh-clients-3.0.2p1-2tr.i586.rpm
- Trustix 1.1 i386 openssh-server-3.0.2p1-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.1/RPMS/openssh-server-3.0.2p1-2tr.i586.rpm
- Trustix 1.2 i386 openssh-3.0.2p1-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.2/RPMS/openssh-3.0.2p1-2tr.i586.rpm
- Trustix 1.2 i386 openssh-clients-3.0.2p1-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.2/RPMS/openssh-clients-3.0.2p1-2tr.i586.rpm
- Trustix 1.2 i386 openssh-server-3.0.2p1-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.2/RPMS/openssh-server-3.0.2p1-2tr.i586.rpm
- Trustix 1.5 i386 openssh-3.0.2p1-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/openssh-3.0.2p1-2tr.i586.rpm
- Trustix 1.5 i386 openssh-clients-3.0.2p1-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/openssh-clients-3.0.2p1-2tr.i586.rpm
- Trustix 1.5 i386 openssh-server-3.0.2p1-2tr.i586.rpm
  ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/openssh-server-3.0.2p1-2tr.i586.rpm
OpenBSD OpenSSH 2.9 p2
- Caldera OpenLinux 3.1 Server openssh-2.9p2-4.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/openssh-2.9p2-4.i386.rpm
- Caldera OpenLinux 3.1 Server openssh-askpass-2.9p2-4.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/openssh-askpass-2.9p2-4.i386.rpm
- Caldera OpenLinux 3.1 Server openssh-server-2.9p2-4.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/openssh-server-2.9p2-4.i386.rpm
- Caldera OpenLinux 3.1 Workstation openssh-2.9p2-4.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/openssh-2.9p2-4.i386.rpm
- Caldera OpenLinux 3.1 Workstation openssh-askpass-2.9p2-4.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/openssh-askpass-2.9p2-4.i386.rpm
- Caldera OpenLinux 3.1 Workstation openssh-server-2.9p2-4.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/openssh-server-2.9p2-4.i386.rpm
- Red Hat 7.0 alpha openssh-2.9p2-11.7.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/openssh-2.9p2-11.7.alpha.rpm
- Red Hat 7.0 alpha openssh-askpass-2.9p2-11.7.alpha.rpm
  ftp://updates.redhat.com
References
Source: US-CERT Vulnerability Note: VU#157447
Name: VU#157447
Link: http://www.kb.cert.org/vuls/id/157447
Source: REDHAT
Name: RHSA-2001:161
Link: http://www.redhat.com/support/errata/RHSA-2001-161.html
Source: BUGTRAQ
Name: 20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2
Source: SUSE
Name: SuSE-SA:2001:045
Link: http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html
Source: marc.theaimsgroup.com
Link: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2
Source: XF
Name: openssh-uselogin-execute-code(7647)
Link: http://xforce.iss.net/static/7647.php
Source: HP
Name: HPSBUX0112-005
Link: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005
Source: BID
Name: 3614
Link: http://www.securityfocus.com/bid/3614
Source: OSVDB
Name: 688
Link: http://www.osvdb.org/688
Source: DEBIAN
Name: DSA-091
Link: http://www.debian.org/security/2001/dsa-091
Source: CIAC
Name: M-026
Link: http://www.ciac.org/ciac/bulletins/m-026.shtml
Source: MANDRAKE
Name: MDKSA-2001:092
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092
Source: CONECTIVA
Name: CLA-2001:446
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446
Source: CALDERA
Name: CSSA-2001-042.1
Link: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt