Bugtraq mailing list archives
Re: OpenSSH's UseLogin option allows remote access with root privilege.
From: markus.friedl () INFORMATIK UNI-ERLANGEN DE (Markus Friedl)
Date: Mon, 12 Jun 2000 11:58:00 +0200
On Sat, Jun 10, 2000 at 02:54:25PM -0700, Phil Stracchino wrote:
*** session.c.orig Fri May 19 19:49:31 2000 --- session.c Fri Jun 9 23:45:28 2000
this is a bad patch, the check for (options.use_login && command != NULL) should be compiled into sshd even if USE_PAM is defined. a correct patch is attached. moreover, i got some complaints from people who ship OpenSSH and did not get notified in advance. we don't all who ship OpenSSH, so please tell me at <markus () openssh com> if you want to get notified in the future. <HR NOSHADE> <UL> <LI>text/plain attachment: 1_ </UL>
Current thread:
- Re: format bugs, in addition to the wuftpd bug, (continued)
- Re: format bugs, in addition to the wuftpd bug Jason Axley (Jun 29)
- Concerning the LDAP Enabled Netscape FTP Server Alfred Huger (Jun 27)
- Glftpd privpath bugs... +fix Raymond Dijkxhoorn (Jun 26)
- Re: Glftpd privpath bugs... +fix Scott (Jun 27)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel Sergio Bruder (Jun 08)
- Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5 Wojciech Purczynski (Jun 08)
- OpenSSH's UseLogin option allows remote access with root privilege. Markus Friedl (Jun 09)
- Re: OpenSSH's UseLogin option allows remote access with root privilege. Bernhard Rosenkraenzer (Jun 10)
- Re: OpenSSH's UseLogin option allows remote access with root privilege. Phil Stracchino (Jun 10)
- IBM WebSphere JSP showcode vulnerability stuart.mcclure () FOUNDSTONE COM (Jun 11)
- Re: OpenSSH's UseLogin option allows remote access with root privilege. Markus Friedl (Jun 12)
- Using IP Filter to protect FW-1 4.0 (fwd) Darren Reed (Jun 12)
- FreeBSD Security Advisory: FreeBSD-SA-00:25.alpha-dev-random FreeBSD Security Advisories (Jun 12)
- RFPolicy for vulnerability disclosure rain forest puppy (Jun 12)
- CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability Johannes Westerink (Jun 12)
- SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit Moritz Jodeit (Jun 13)
- Ethics ?? : Re: local root on linux 2.2.15 Gerrie (Jun 10)
- Re: OpenSSH's UseLogin option allows remote access with root privilege. Bernhard Rosenkraenzer (Jun 10)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENSSH Andreas Hasenack (Jun 10)
- Trustix Security Advisory Oystein Viggen (Jun 09)
- Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Tom Yu (Jun 09)
- Remote DOS in linux rpc.lockd mmurray () FSCINTERNET COM (Jun 08)