icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Portable OpenSSH < 3.7.1p2 Multiple PAM Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication.

Description

The remote host is portable OpenSSH 3.7p1 or 3.7.1p1. Versions older than 3.7.1p2 are vulnerable to a flaws that handle PAM authentication and may allow an attacker to gain a shell on this host.

Solution

Upgrade to OpenSSH 3.7.1p2 or higher or disable PAM support in sshd_config.