CVE-2003-0786
EPSS 3.1%
Description
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
How to fix CVE-2003-0786
To remediate CVE-2003-0786, upgrade the affected package to the fixed version listed below.
- Debian/openssh: upgrade to 1:3.7.1p2 or later
Is CVE-2003-0786 being exploited?
Low: the EPSS score (an estimated probability of exploitation) is 3.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:3.7.1p2