Full Disclosure mailing list archives
Re: OpenSSH again - not really.
From: "Kurt Seifried" <listuser () seifried org>
Date: Tue, 23 Sep 2003 16:18:07 -0600
It looks possibly exploitable, but it needs privsep disabled. Many vendors now enable privsep by default (in my opinion if a vendor does not or can not enable privsep by default they have a misconfigured/broken OpenSSH package).

The workaround is pretty trivial, make sure the following line occurs in your sshd config file:

UsePrivilegeSeparation yes

On recent Red Hat Linux versions and many others this is the default. You can check that privsep is working, log in via ssh and do a process listing, for each ssh connection you should see a pair of processes:

root 32624 0.0 0.1 6752 1916 ? S 16:06 0:00 /usr/sbin/sshd
seifried 32626 0.0 0.2 6776 2156 ? R 16:06 0:00 /usr/sbin/sshd

or

root 28354 0.0 0.1 372 1008 ?? Is 3:43PM 0:00.03 sshd: seifried [priv] (sshd)
seifried 15019 0.0 0.1 416 912 ?? S 3:43PM 0:00.85 sshd: seifried@ttyp0 (sshd)

As opposed to just one process running as root.

Use privsep, be happy, don't worry.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
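An added example, not part of the original post: the process-listing check described in the message, automated in Python so it can be run across many hosts. It assumes `ps -eo user,pid,ppid,args` output (the PPID column is not in the post's listings and is used here to match each pair by parentage), and the sample listing and function names are constructed for illustration.

```python
import os

# Constructed sample of `ps -eo user,pid,ppid,args` output (not from the post).
SAMPLE_PS = """\
USER       PID  PPID COMMAND
root       810     1 /usr/sbin/sshd
root     32624   810 sshd: seifried [priv]
seifried 32626 32624 sshd: seifried@pts/0
seifried 32627 32626 -bash
root     32700   810 sshd: alice@pts/1
alice    32702 32700 -bash
"""

def sshd_processes(ps_text):
    """Return {pid: (user, ppid)} for every sshd process in the listing."""
    procs = {}
    for line in ps_text.splitlines()[1:]:      # skip the header row
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue
        user, pid, ppid, args = fields
        # Matches both "/usr/sbin/sshd" and the "sshd: user [priv]" title form.
        name = os.path.basename(args.split()[0]).rstrip(":")
        if name == "sshd":
            procs[int(pid)] = (user, int(ppid))
    return procs

def check_privsep(ps_text):
    """Map each per-connection root sshd PID to 'pair' or 'single-root'."""
    procs = sshd_processes(ps_text)
    result = {}
    for pid, (user, ppid) in procs.items():
        # A per-connection process is a root-owned sshd forked by another sshd
        # (the listener); the listener itself has a non-sshd parent.
        if user != "root" or ppid not in procs:
            continue
        has_unpriv_child = any(
            cuser != "root" and cppid == pid
            for cuser, cppid in procs.values()
        )
        result[pid] = "pair" if has_unpriv_child else "single-root"
    return result

if __name__ == "__main__":
    for pid, status in sorted(check_privsep(SAMPLE_PS).items()):
        print(pid, status)
```

A `single-root` result corresponds to the "just one process running as root" case in the message and is the one to follow up on.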