Re: OpenSSH Vulns (new?) Priv seperation

From: Filipe Almeida (filipeat_private)
Date: Fri Oct 04 2002 - 11:30:17 PDT

Next message: Sean Zadig: "shellcode -> asm?"

Previous message: Andrew: "Re: DHCP man in the middle attack"
Next in thread: Markus Friedl: "Re: OpenSSH Vulns (new?) Priv seperation"
Reply: Markus Friedl: "Re: OpenSSH Vulns (new?) Priv seperation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 03, 2002 at 05:36:39AM +0200, Peter Mueller wrote:
> reducing root-run code from 27000 to 2500 lines is the important part.  who
> cares how many holes there are when it is in /var/empty/sshd chroot with no
> possibility of root :)

Not really. You are still a user on the system so you can use that machine as 
a relay to an intranet or to perform trust relationship attacks.
You may also be able to steal sshd's private keys as an aid to a mitm attack.

I care about that :)

--
Filipe Almeida
<filipeat_private>

Next message: Sean Zadig: "shellcode -> asm?"
Previous message: Andrew: "Re: DHCP man in the middle attack"
Next in thread: Markus Friedl: "Re: OpenSSH Vulns (new?) Priv seperation"
Reply: Markus Friedl: "Re: OpenSSH Vulns (new?) Priv seperation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 11:43:46 PDT