This was posted to Bugtraq earlier today. http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0 It's the ISS disclosure of the bug. I've read a few more mails about the privsep issue and there's very mixed feelings about it. I have it running with compression turned off on a debian server with kernel 2.2.20 since yesterday morning without any trouble. However, I also came across a mail on the proftpd list (I think) where someone claimed to have a root exploit already with this enabled. Basically, enabling privsep in the config limits the danger of the bug, but doesn't fix it. If exploited successfully, the attacker will get a shell which is chrooted and only gives sshd account. -- Chat ya later, John. -- BOFH excuse #51: Cosmic ray particles crashed through the hard disk platter
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 20:52:24 PDT