oss-sec mailing list archives
Re: CVE request: pam_ssh not dropping root gid(s)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 06 Jun 2011 17:06:40 +0200
Hello, Sebastian, thanks for the report. On 06/06/2011 11:26 AM, Sebastian Krahmer wrote:
Hi, In certain configs, pam_ssh is not completely dropping its privileges to user. It just forgets to call setgid() and initgroups(). A fix can be found at [1]. Can someone assign a CVE? thx, Sebastian [1] https://bugzilla.novell.com/show_bug.cgi?id=665061
Unfortunately not able to access this entry. Would it be possible to make it public? (for further details & CVE assignment). Or will be
access granted per email address approach necessary? Thank you & Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE request: pam_ssh not dropping root gid(s) Sebastian Krahmer (Jun 06)
- Re: CVE request: pam_ssh not dropping root gid(s) Jan Lieskovsky (Jun 06)
- Re: CVE request: pam_ssh not dropping root gid(s) Thomas Biege (Jun 06)
- Re: CVE request: pam_ssh not dropping root gid(s) Josh Bressers (Jun 06)
- Re: CVE request: pam_ssh not dropping root gid(s) Sebastian Krahmer (Jun 07)
- Re: CVE request: pam_ssh not dropping root gid(s) Jan Lieskovsky (Jun 06)