OpenSSH < 3.0.2 Multiple Vulnerabilities

This script is copyright (C) 2001-2011 by EMAZE Networks S.p.A.

Synopsis :

The SSH service running on the remote host has multiple

Description :

You are running a version of OpenSSH which is older than 3.0.2.
Versions prior than 3.0.2 have the following vulnerabilities :

- When the UseLogin feature is enabled, a local user
could export environment variables, resulting in
command execution as root. The UseLogin feature is
disabled by default. (CVE-2001-0872)

- A local information disclosure vulnerability.
Only FreeBSD hosts are affected by this issue.

See also :

Solution :

Upgrade to OpenSSH 3.0.2 or apply the patch for prior
versions. (Available at:

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 10823 ()

Bugtraq ID: 3614

CVE ID: CVE-2001-0872