Bugtraq mailing list archives

Re: OpenSSH's UseLogin option allows remote access with root privilege.

From: markus.friedl () INFORMATIK UNI-ERLANGEN DE (Markus Friedl)
Date: Mon, 12 Jun 2000 11:58:00 +0200


On Sat, Jun 10, 2000 at 02:54:25PM -0700, Phil Stracchino wrote:

*** session.c.orig    Fri May 19 19:49:31 2000
--- session.c Fri Jun  9 23:45:28 2000


this is a bad patch, the check for (options.use_login && command
!= NULL) should be compiled into sshd even if USE_PAM is defined.
a correct patch is attached.

moreover, i got some complaints from people who ship OpenSSH and
did not get notified in advance.  we don't all who ship OpenSSH,
so please tell me at <markus () openssh com> if you want to get notified
in the future.

<HR NOSHADE>
<UL>
<LI>text/plain attachment: 1_
</UL>

Current thread:

Re: format bugs, in addition to the wuftpd bug, (continued)
- - - Re: format bugs, in addition to the wuftpd bug Jason Axley (Jun 29)
    - Concerning the LDAP Enabled Netscape FTP Server Alfred Huger (Jun 27)
  - Glftpd privpath bugs... +fix Raymond Dijkxhoorn (Jun 26)
    - Re: Glftpd privpath bugs... +fix Scott (Jun 27)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel Sergio Bruder (Jun 08)
- Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5 Wojciech Purczynski (Jun 08)
- OpenSSH's UseLogin option allows remote access with root privilege. Markus Friedl (Jun 09)
  - Re: OpenSSH's UseLogin option allows remote access with root privilege. Bernhard Rosenkraenzer (Jun 10)
    - Re: OpenSSH's UseLogin option allows remote access with root privilege. Phil Stracchino (Jun 10)
    - IBM WebSphere JSP showcode vulnerability stuart.mcclure () FOUNDSTONE COM (Jun 11)
    - Re: OpenSSH's UseLogin option allows remote access with root privilege. Markus Friedl (Jun 12)
    - Using IP Filter to protect FW-1 4.0 (fwd) Darren Reed (Jun 12)
    - FreeBSD Security Advisory: FreeBSD-SA-00:25.alpha-dev-random FreeBSD Security Advisories (Jun 12)
    - RFPolicy for vulnerability disclosure rain forest puppy (Jun 12)
    - CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability Johannes Westerink (Jun 12)
    - SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit Moritz Jodeit (Jun 13)
    - Ethics ?? : Re: local root on linux 2.2.15 Gerrie (Jun 10)
  - CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENSSH Andreas Hasenack (Jun 10)
- Trustix Security Advisory Oystein Viggen (Jun 09)
- Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Tom Yu (Jun 09)
  - Remote DOS in linux rpc.lockd mmurray () FSCINTERNET COM (Jun 08)

(Thread continues...)