Insecure Process Group Handling in SSH Secure Shell

Insecure Process Group Handling in SSH Secure Shell

CVE-2002-1644 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges.

Learn more about our Cis Benchmark Audit For Server Software.