Re: Fwd: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

From: Robin Smith (rasmith@aristotle.tamu.edu)
Date: 01/06/03


To: freebsd-security@FreeBSD.ORG
Date: Mon, 06 Jan 2003 15:39:01 -0600
From: Robin Smith <rasmith@aristotle.tamu.edu>


>>>>> "Darren" == Darren Pilgrim <dmp@pantherdragon.org> writes:

    Darren> Mike Tancsa wrote:
>> FYI, for those not on bugtraq.

    Darren> The "advisory" is suspect.

Whatever the credibility of this advisory, it seems the issue is handled
just by turning on privilege separation.

(1) Is that right?
(2) Can anyone tell me any reason not to turn it on (apart from a few
additional entries in the process table)? It's off in the default FreeBSD
4.7 config.

Robin Smith
