Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Glibc Local Root Exploit
From: Ari Saastamoinen <oh3mqu () VIP FI>
Date: Thu, 11 Jan 2001 01:42:52 +0200

On Wed, 10 Jan 2001, Pedro Margate wrote:

install the ssh binary as suid root by default.  This can be disabled
during configuration or after the fact with chmod.  I believe that would

That exploit can use any suid root program which resolves host names. (For
example ping and traceroute) So you cannot fix that glibc explot only by
unsetting SUID bit of ssh client.

every ssh installation I've performed and it seems to work the same.  I'm
not sure what reason ssh has to be suid root, nobody I've asked has any
idea.

By default ssh client makes connection from source socket <1024, and it is
impossible without root privileges.  When you run the client as non root,
source socket will be >1023, but man can disable this kind of connections
by configuring the ssh daemon.

--
Ari Saastamoinen  oh3mqu+bugtraq () vip fi


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault