Vulnerability Development mailing list archives

Re: OpenSSH Vulns (new?) Priv seperation

From: John Madden <maddenj () skynet ie>
Date: Wed, 26 Jun 2002 21:02:02 +0100

This was posted to Bugtraq earlier today. 

http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0

It's the ISS disclosure of the bug. I've read a few more mails about the
privsep issue and there's very mixed feelings about it. I have it
running with compression turned off on a debian server with kernel
2.2.20 since yesterday morning without any trouble. However, I also came
across a mail on the proftpd list (I think) where someone claimed to
have a root exploit already with this enabled. 

Basically, enabling privsep in the config limits the danger of the bug,
but doesn't fix it. If exploited successfully, the attacker will get a
shell which is chrooted and only gives sshd account. 

-- 
Chat ya later,

John.
--
BOFH excuse #51: Cosmic ray particles crashed through the hard disk platter

Current thread:

OpenSSH Vulns (new?) Priv seperation wirepair (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation Valdis . Kletnieks (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation John Madden (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation Jose Nazario (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation Michael Greenberg (Jun 28)
- <Possible follow-ups>
- RE: OpenSSH Vulns (new?) Priv seperation Peter Mueller (Jun 26)
  - RE: OpenSSH Vulns (new?) Priv seperation Michal Zalewski (Jun 26)