Bypassing Resource Limits in OpenSSH 2.9 and Earlier

Bypassing Resource Limits in OpenSSH 2.9 and Earlier

CVE-2001-1459 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

Learn more about our User Device Pen Test.