Openbsd: >> Openssh >> 1.2 Security Vulnerabilities
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
CVSS Score
10.0
EPSS Score
0.026
Published
2000-06-08
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
CVSS Score
5.1
EPSS Score
0.01
Published
2000-02-24
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
CVSS Score
4.6
EPSS Score
0.003
Published
2000-02-11
Page 7