Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
OpenSSH contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the UseLogin option is enabled. In that mode sshd does not switch to the UID of the user logging in, relying on login(1) to do this. If the user specifies a command for remote execution, login(1) cannot be used and sshd fails to set the correct UID, so the command is executed with the privileges of the sshd process (normally root). This flaw may lead to a loss of Confidentiality, Integrity and/or Availability.
Upgrade to version 2.1.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch, or by disabling UseLogin.
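To check whether a host is exposed through its configuration, the following added example (not part of the original advisory or of OpenSSH) scans an sshd_config file for active lines that enable UseLogin. The function names and the sample configuration are constructed for illustration; any value other than "no" is reported, so the check errs toward flagging.

```shell
#!/bin/sh
# Added example: audit an sshd_config file for the UseLogin setting.

# Print "<line number>:<value>" for every active (uncommented) line that
# sets UseLogin to anything other than "no". Keywords are matched
# case-insensitively; whitespace, "=" and quotes are treated as separators.
uselogin_findings() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)                # drop leading whitespace
        sub(/[ \t]+$/, "", line)                # drop trailing whitespace
        if (line == "" || line ~ /^#/) next     # skip blanks and comments
        n = split(line, f, /[ \t="]+/)          # keyword, then argument
        if (n < 2 || tolower(f[1]) != "uselogin") next
        if (tolower(f[2]) != "no") print NR ":" f[2]
    }' "$1"
}

# Succeed (exit status 0) when the file enables UseLogin on any line.
uselogin_enabled() {
    [ -n "$(uselogin_findings "$1")" ]
}

# Demo on a constructed sample configuration (not taken from a real host).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
Port 22
#UseLogin yes
  uselogin  YES
PermitRootLogin no
EOF
    if uselogin_enabled "$tmp"; then
        echo "UseLogin is enabled (line:value): $(uselogin_findings "$tmp")"
    else
        echo "UseLogin is not enabled"
    fi
    rm -f "$tmp"
}
demo
```

On a real host, call `uselogin_findings` with the path of the sshd_config file that the running daemon actually loads.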