Re: OpenSSH Vulns (new?) Priv separation

From: John Madden (maddenjat_private)
Date: Wed Jun 26 2002 - 13:02:02 PDT


    This was posted to Bugtraq earlier today. 
    
    http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
    
    It's the ISS disclosure of the bug. I've read a few more mails about the
    privsep issue and there are very mixed feelings about it. I have it
    running with compression turned off on a Debian server with kernel
    2.2.20 since yesterday morning without any trouble. However, I also came
    across a mail on the proftpd list (I think) where someone claimed to
    have a root exploit already with this enabled. 
    
    Basically, enabling privsep in the config limits the danger of the bug,
    but doesn't fix it. If exploited successfully, the attacker will get a
    shell which is chrooted and only gives the sshd account. 
    
    -- 
    Chat ya later,
    
    John.
    --
    BOFH excuse #51: Cosmic ray particles crashed through the hard disk platter
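
A small audit for the setup described in the message above (privsep enabled, compression turned off), added here as an example and not part of the original post. It assumes the sshd_config keywords UsePrivilegeSeparation and Compression; the sample configuration is constructed.

```python
# Added example: audits sshd_config text for the two settings the message
# mentions. SAMPLE_CONFIG is constructed, not taken from the original post.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
useprivilegeseparation yes
Compression no
# sshd keeps the first value it reads, so this later line has no effect:
Compression yes
"""

# Desired values for the setup described in the message.
WANTED = {"useprivilegeseparation": "yes", "compression": "no"}


def effective_settings(text):
    """Map lower-cased keyword -> value, keeping the first occurrence."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # keyword without a value; sshd would reject it
        keyword, value = parts[0].lower(), parts[1].strip().lower()
        settings.setdefault(keyword, value)
    return settings


def audit(text):
    """Return a list of findings; empty means both settings are explicit."""
    settings = effective_settings(text)
    findings = []
    for keyword, wanted in WANTED.items():
        actual = settings.get(keyword)
        if actual is None:
            findings.append(f"{keyword}: not set, version default applies")
        elif actual != wanted:
            findings.append(f"{keyword}: is '{actual}', expected '{wanted}'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["privsep on, compression off"]:
        print(finding)
```

A keyword that is absent is reported rather than assumed, because the compiled-in default depends on the sshd version in use.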
    


