Bugtraq mailing list archives
Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]
From: solar () FALSE COM (Solar Designer)
Date: Tue, 28 Sep 1999 08:22:01 +0400
Hi,
This is from a post I made to BugTraq on September 17, entitled "A few bugs...". If you're running Linux, it appears kernels pre 2.1 will not be affected by this bug as they do not follow symlinks when creating UNIX domain sockets (Solar Designer pointed this out after trying the exploit on a 2.0.38 kernel; I tested on a 2.0.34 kernel, and from there I'm generalizing).
The same applies to mknod(2), which follows dangling symlinks on Linux 2.2, but doesn't on 2.0. I've changed the code not to follow such symlinks for both mknod(2) and bind(2), in 2.2.12-ow6.

As I am posting this anyway, -- other changes to the -ow patch for 2.2 since I've announced it here include the real exit_signal fix, and the TCP sequence number fix I took from 2.2.13pre14. (Speaking of the latter, it's funny how most of the randomness went into the wrong place on the stack, and probably remained unnoticed because of the fairly large and unused at the time "struct tcp_opt". 2.0 isn't vulnerable. Yet another reason to continue running 2.0.38.)

Signed,
Solar Designer
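The behaviour discussed in this message can be checked on a running system. The C program below is an added example, not code from the post or from the -ow patch: it creates a dangling symlink in a private scratch directory and reports whether bind(2) on a UNIX domain socket or mknod(2) creates the link's target. The function name and the scratch path under /tmp are assumptions made for the example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* mkdtemp, mknod, symlink prototypes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Returns 1 if the call created the symlink's target (symlink followed),
 * 0 if the target was left absent, -1 if the scratch setup failed.
 * use_bind != 0 tests bind(2) on an AF_UNIX socket, otherwise mknod(2). */
int follows_dangling_symlink(int use_bind)
{
    char dir[] = "/tmp/dsl.XXXXXX";           /* constructed scratch path */
    char lnk[64], target[64];
    struct stat st;
    int result = -1, fd = -1;

    if (!mkdtemp(dir)) return -1;              /* private 0700 directory */
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, lnk) != 0) goto out;   /* lnk -> nonexistent target */

    if (use_bind) {
        struct sockaddr_un sa;
        memset(&sa, 0, sizeof sa);
        sa.sun_family = AF_UNIX;
        strncpy(sa.sun_path, lnk, sizeof sa.sun_path - 1);
        if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) goto out;
        (void)bind(fd, (struct sockaddr *)&sa, sizeof sa); /* errors if refused */
    } else {
        (void)mknod(lnk, S_IFIFO | 0600, 0);               /* errors if refused */
    }
    result = (lstat(target, &st) == 0);        /* did the target appear? */
out:
    if (fd >= 0) close(fd);
    unlink(target); unlink(lnk); rmdir(dir);   /* remove scratch files */
    return result;
}

int main(void)
{
    printf("bind(2) follows dangling symlink:  %d\nmknod(2) follows dangling symlink: %d\n",
           follows_dangling_symlink(1), follows_dangling_symlink(0));
    return 0;
}
```

A result of 0 for both calls means the kernel refuses to create a node through the dangling link, which is the behaviour the message describes for 2.0 and for 2.2.12-ow6.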