Vulnerability Development mailing list archives
Re: OpenSSL Vulnerability and OpenSSH
From: Markus Friedl <markus () openbsd org>
Date: Mon, 23 Sep 2002 10:33:41 +0200
On Sat, Sep 21, 2002 at 09:43:48AM -0700, nestler () speakeasy net wrote:
> I see a call to d2i_X509() in scard-opensc.c. This function uses the ASN.1 parser. I also see a call to PEM_read_PrivateKey() in authfile.c. That function also uses the ASN.1 parser. That last one gets used in a few different places in the SSH code (indirectly via key_load_private*()).
yes, but that's a completely different problem.
> Are you sure that none of these are problems? The SSH client is installed setuid root in some places and it would load potentially malicious private keys during the course of public key authentication without an agent. It seems like that could be a problem (at least a local problem).
the ssh client should not be installed setuid root with 3.4p1. if installed setuid root, then the ssh client should drop privileges before loading the private user keys.
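The ordering described in the reply above (give up root for good, then read the user's key file), as an added example that is not part of the original message and is not OpenSSH's code. The function names and the default path "id_rsa" are hypothetical; a Linux or BSD system with setresuid()/setresgid() is assumed.

```c
#define _GNU_SOURCE   /* setresuid(), setresgid(), setgroups() on glibc */
#include <sys/types.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently become uid/gid; returns 0 on success, -1 on any failure.
 * Hypothetical helper written for this example. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    /* Supplementary groups can only be reset while still root, so go first. */
    if (old_uid == 0 && uid != 0 && setgroups(1, &gid) == -1)
        return -1;
    /* Group before user, and real/effective/saved ids all at once, so no
     * saved id is left to switch back to. */
    if (setresgid(gid, gid, gid) == -1 || setresuid(uid, uid, uid) == -1)
        return -1;
    /* Verify rather than trust: regaining the old ids must now fail. */
    if (uid != 0 && old_gid != gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1))
        return -1;
    if (uid != 0 && old_uid != uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
        return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Drop to the invoking (real) user, then read the key file with that
 * user's rights only. Returns bytes read, or -1. */
ssize_t load_key_as_user(const char *path, char *buf, size_t len)
{
    if (drop_privileges_permanently(getuid(), getgid()) == -1)
        return -1;   /* fail closed: never touch the key while privileged */
    int fd = open(path, O_RDONLY);
    if (fd == -1)
        return -1;
    ssize_t n = read(fd, buf, len);   /* any parsing happens after this point */
    close(fd);
    return n;
}

int main(int argc, char **argv)
{
    char buf[4096];
    ssize_t n = load_key_as_user(argc > 1 ? argv[1] : "id_rsa", buf, sizeof buf);
    printf("euid=%d bytes_read=%zd\n", (int)geteuid(), n);
    return n < 0;
}
```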