CVE-2007-0844

Published: 08/02/2007 Updated: 08/03/2011
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

The auth_via_key function in pam_ssh.c in pam_ssh prior to 1.92, when the allow_blank_passphrase option is disabled, allows remote malicious users to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.

Vulnerable Product

pam ssh pam ssh 1.91

Vendor Advisories

Debian Bug report logs - #410236 CVE-2007-0844: libpam-ssh: pam_ssh "auth_via_key()" Function. Package: libpam-ssh; Maintainer for libpam-ssh is Jerome Benoit <calculus@rezozernet>; Source for libpam-ssh is src:libpam-ssh. Reported by: Alex de Oliveira Silva <enerv@hostsk>. Date: Thu, 8 Feb 2007 ...
Debian Bug report logs - #535877 CVE-2009-1273: user enumeration issue in libpam-ssh. Package: libpam-ssh; Maintainer for libpam-ssh is Jerome Benoit <calculus@rezozernet>; Source for libpam-ssh is src:libpam-ssh. Reported by: Florian Weimer <fw@denebenyode>. Date: Sun, 5 Jul 2009 18:36:01 UTC ...