Re: OpenSSH Vulns (new?) Priv seperation

From: John Madden (maddenj@skynet.ie)
Date: 06/26/02


Date: Wed, 26 Jun 2002 21:02:02 +0100
From: John Madden <maddenj@skynet.ie>
To: vuln-dev@securityfocus.com

This was posted to Bugtraq earlier today.

http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0

It's the ISS disclosure of the bug. I've read a few more mails about the
privsep issue and there are very mixed feelings about it. I have had it
running with compression turned off on a Debian server with kernel
2.2.20 since yesterday morning without any trouble. However, I also came
across a mail on the proftpd list (I think) where someone claimed to
have a root exploit already with this enabled.

Basically, enabling privsep in the config limits the danger of the bug,
but doesn't fix it. If exploited successfully, the attacker will get a
shell which is chrooted and only gives the sshd account.

-- 
Chat ya later,

John.

-- 
BOFH excuse #51: Cosmic ray particles crashed through the hard disk platter
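
The two settings mentioned in the message above (privilege separation enabled, compression turned off), checked against an sshd_config file. This is an added example and not part of the original post; `UsePrivilegeSeparation` and `Compression` are the sshd_config keywords of OpenSSH releases from that period, while the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the effective value of an sshd_config keyword, or "unset".
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively, so later duplicates are ignored here as well.
# Assumes whitespace-separated "Keyword value" lines and no Match blocks.
sshd_effective() {  # usage: sshd_effective <keyword> <file>
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        $1 ~ /^#/ || NF < 2 { next }          # comments, blanks, bare keywords
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Return 0 only if both settings from the post are set explicitly.
# Treating "unset" as a failure is a choice made for this example, because
# the compiled-in defaults differ between OpenSSH releases.
check_mitigation() {  # usage: check_mitigation <file>
    rc=0
    privsep=$(sshd_effective UsePrivilegeSeparation "$1")
    compression=$(sshd_effective Compression "$1")
    [ "$privsep" = "yes" ] || { echo "UsePrivilegeSeparation is $privsep, want yes"; rc=1; }
    [ "$compression" = "no" ] || { echo "Compression is $compression, want no"; rc=1; }
    return "$rc"
}

# Constructed sample config: the second Compression line is ignored by sshd.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's config
Port 22
useprivilegeseparation yes
Compression no
Compression yes
EOF
check_mitigation "$sample" && echo "mitigation settings present"
rm -f "$sample"
```

As the message says, a passing check only means the mitigation is configured; the bug itself is fixed by upgrading sshd.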


