Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Glibc Local Root Exploit
From: Jerry Connolly <jerry.connolly () EIRCOM NET>
Date: Wed, 10 Jan 2001 23:47:52 +0000

Pedro Margate said the following on Wed, Jan 10, 2001 at 01:40:39PM -0500,
The implementations of ssh that I'm familiar with (ssh and OpenSSH)
install the ssh binary as suid root by default.  This can be disabled
during configuration or after the fact with chmod.  I believe that would
prevent this exploit from operating.  I've turned off the suid bit on
every ssh installation I've performed and it seems to work the same.  I'm
not sure what reason ssh has to be suid root, nobody I've asked has any

If you have the following options set in ssh_config
   RhostsAuthentication yes
   RhostsRSAAuthentication yes
   UsePrivilegedPort yes
then ssh will connect from a privileged port, which requires root privileges.

Jerry Connolly, Eircom.net CIRT

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]