Re: OpenSSH Vulns (new?) Priv seperation

From: John Madden (
Date: 06/26/02

Date: Wed, 26 Jun 2002 21:02:02 +0100
From: John Madden <>

This was posted to Bugtraq earlier today.

It's the ISS disclosure of the bug. I've read a few more mails about the
privsep issue and there's very mixed feelings about it. I have it
running with compression turned off on a debian server with kernel
2.2.20 since yesterday morning without any trouble. However, I also came
across a mail on the proftpd list (I think) where someone claimed to
have a root exploit already with this enabled.

Basically, enabling privsep in the config limits the danger of the bug,
but doesn't fix it. If exploited successfully, the attacker will get a
shell which is chrooted and only gives sshd account.

Chat ya later,

John. -- BOFH excuse #51: Cosmic ray particles crashed through the hard disk platter