oss-sec mailing list archives
CVE request: pam_ssh not dropping root gid(s)
From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 6 Jun 2011 11:26:57 +0200
Hi,

In certain configs, pam_ssh is not completely dropping its privileges
to user. It just forgets to call setgid() and initgroups().
A fix can be found at [1].

Can someone assign a CVE?

thx,
Sebastian

[1] https://bugzilla.novell.com/show_bug.cgi?id=665061

--
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team

---
SUSE LINUX Products GmbH,
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany