There is a vulnerability in the challenge authentication code of OpenSSH (3.7p1 and 3.7.1p1) when using the SSHv1 protocol and Pluggable Authentication Modules (PAM). An attacker can bypass user authentication.
Affected versions: OpenSSH 3.7.1p1, OpenSSH 3.7p1
This vulnerability could permit a remote attacker to log in to the system as any user, potentially including root, without using a password.
The bug was fixed in 3.7.2. Upgrade to the latest version or use SSHv2.
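To check a host against the three conditions above (affected version, SSHv1 enabled, PAM in use), here is an added example that is not part of the original advisory or the OpenSSH project. The function names and sample inputs are constructed, and a missing `Protocol` or `UsePAM` directive is treated as enabled, which is a conservative assumption rather than a statement about any build's defaults.

```python
import re

# Versions named in the advisory, written the way the server banner reports them.
AFFECTED = {"3.7p1", "3.7.1p1"}


def parse_sshd_config(text):
    """Map lowercase keyword -> value. sshd uses the first value it reads for a keyword."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts


def assess(banner, config_text):
    """Report whether a host matches the advisory's conditions.

    banner      -- identification string the server sends, e.g. "SSH-1.99-OpenSSH_3.7.1p1"
    config_text -- contents of the host's sshd_config
    """
    match = re.search(r"OpenSSH_(\S+)", banner)
    version = match.group(1) if match else None
    opts = parse_sshd_config(config_text)

    # Assumption: an absent directive counts as enabled (conservative).
    protocols = {p.strip() for p in opts.get("protocol", "2,1").split(",")}
    sshv1 = "1" in protocols
    pam = opts.get("usepam", "yes").lower() == "yes"
    affected = version in AFFECTED

    return {
        "version": version,
        "affected_version": affected,
        "sshv1_enabled": sshv1,
        "pam_enabled": pam,
        "exposed": affected and sshv1 and pam,
    }


if __name__ == "__main__":
    # Constructed sample input, not taken from a real host.
    sample_config = "# constructed sample\nProtocol 2,1\nUsePAM yes\n"
    print(assess("SSH-1.99-OpenSSH_3.7.1p1", sample_config))
```

Setting `Protocol 2` in sshd_config is the SSHv2-only mitigation the advisory refers to; rerun the check after the change to confirm `sshv1_enabled` is false.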