Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SSH Communications SSH Server权限提升漏洞
Vulnerability Description
Secure Shell是一款由SSH Communications分发和维护的商业SSH实现。 Secure Shell Servers在非交互命令执行之后没有正确从主进程组删除子进程,远程攻击者可以利用这个漏洞发送误导消息给syslog和其他应用程序。 当使用非交互连接时,在处理SSH Secure Shell主进程组时没有正确处理子进程,如果非交互命令不带pty执行(包含运行命令和子系统),子进程就会保留在主进程组中而不被删除。 在依靠getlogin()平台上的恶意用户利用这个漏洞至少可以发送误导
CVSS Information
N/A
Vulnerability Type
N/A