SSH Secure Shell without PTY setsid() Function Privilege Escalation

High Nessus Plugin ID 11169


The remote SSH server is affected by a privilege escalation vulnerability.


According to its banner, the version of SSH Secure Shell running on the remote host is between 2.0.13 and 3.2.1. There is a bug in such versions that may allow a non-interactive shell session, such as used in scripts, to obtain higher privileges due to a flaw in the way setsid() is used.


Upgrade to SSH Secure Shell 3.1.5 / 3.2.2 or later.

See Also

Plugin Details

Severity: High

ID: 11169

File Name: ssh_setsid.nasl

Version: $Revision: 1.21 $

Type: remote

Family: Misc.

Published: 2002/11/25

Modified: 2014/04/17

Dependencies: 11936, 10267

Risk Information

Risk Factor: High


Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2002/11/26

Reference Information

CVE: CVE-2002-1644

BID: 6247

OSVDB: 18240