Bugtraq mailing list archives

Re: Fix for ssh-1.2.27 symlink/bind problem

From: markus.friedl () INFORMATIK UNI-ERLANGEN DE (Markus Friedl)
Date: Tue, 26 Oct 1999 22:07:05 +0200


On Mon, Oct 25, 1999 at 07:05:01PM -0400, Wietse Venema wrote:

I was talking about seteuid(), which leaves real uid == 0, so that
the process remains protected against groping by unprivileged users.


all I was trying to say is:
  1) ssh _did_ use seteuid() for swapping uids (until version 1.2.12. ossh
     and openssh still use seteuid() and are not vulnerable to this attack).
  2) post-ssh-1.2.12 uses a different, more complex approach and failes.

Current thread:

Re: Fix for ssh-1.2.27 symlink/bind problem, (continued)
- - - Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 25)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 26)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 27)
    - ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability Luciano Martins (Jul 29)
    - Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer Luciano Martins (Jul 29)
    - AW: Mac OS 9 Idle Lock Bug Flothow, Sebastian (Oct 29)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Casper Dik (Oct 29)
    - DoS attack for ircd's by oversized PTR record Goblin (Oct 29)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Eivind Eklund (Oct 29)
    - URL Live! 1.0 WebServer UNYUN (Oct 28)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 26)
    - Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 26)
    - Falcon Web Server Advisory (Oct 26)