[UNIX] OpenSSH UseLogin Directive Vulnerability Leads to Remote Root Compromise
From: support@securiteam.comDate: 12/14/01
- Previous message: support@securiteam.com: "[NT] IE Denial of Service (Bad IMG Tag)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Fri, 14 Dec 2001 22:09:10 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
OpenSSH UseLogin Directive Vulnerability Leads to Remote Root Compromise
------------------------------------------------------------------------
SUMMARY
OpenSSH is an implementation of the Secure Shell protocol. When OpenSSH is
configured with the UseLogin directive equal to "yes", an intruder can
execute arbitrary code with the privileges of OpenSSH, usually root.
DETAILS
OpenSSH contains a vulnerability that permits an intruder to execute
arbitrary code. When the UseLogin directive is enabled, a user can set
environment variables that are used by login. An intruder can use this
vulnerability to execute commands with the privileges of OpenSSH, usually
root. UseLogin is not enabled by default; however, it is a common
configuration. The intruder must be able to authenticate to the system
using public key authentication.
Impact:
An intruder can use this vulnerability to execute commands with the
privileges of OpenSSH, usually root.
Solution:
OpenSSH 3.0.2 resolves this vulnerability and is available at:
<ftp://ftp.openbsd.com/pub/OpenBSD/OpenSSH/openssh-3.0.2.tgz>
ftp://ftp.openbsd.com/pub/OpenBSD/OpenSSH/openssh-3.0.2.tgz.
We strongly encourage you to review your configuration to determine
whether or not UseLogin is enabled. If the use of UseLogin is required at
your site, you may wish to temporarily disable access to the SSH service
until a patch can be applied.
ADDITIONAL INFORMATION
The information has been provided by
<mailto:cert@cert.org?Subject=VU%23157447 Feedback> CERT/CC.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] IE Denial of Service (Bad IMG Tag)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
