CVE-2000-0525 — Vulnetix

Try Vulnetix Request Demo

CVE-2000-0525 PUBLISHED CVSS 10 CRITICAL

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

EPSS 0.71% · 72.1th percentile

Risk Scores

CVSS v2.0

10

EPSS Score

0.71%

72.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
openbsd	openssh	1.2, 1.2.3, 2.1

Timeline

Jun 8, 2000 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/4646 technical
20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used. vendor-advisory
341 vdb
20000609 OpenSSH's UseLogin option allows remote access with root privilege. mailing-list
1334 vdb
https://nvd.nist.gov/vuln/detail/CVE-2000-0525 advisory

Open in Interactive Console →