LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-07-2002, 10:37 AM   #1
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,319

Rep: Reputation: 2612Reputation: 2612Reputation: 2612Reputation: 2612Reputation: 2612Reputation: 2612Reputation: 2612Reputation: 2612Reputation: 2612Reputation: 2612Reputation: 2612
OpenSSH Local Root Compromise is Possible


The bug, a simple off by one error, exists in all version of OpenSSH from OpenSSH versions 2.0 - 3.0.2 which covers quite a bit of time.

Quote:
Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client.
A fix is available at http://www.openssh.com so you should stop reading this and go upgrade now.

--jeremy

http://www.pine.nl/advisories/pine-cert-20020301.txt
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
phpBB Compromise chris_yumm Linux - Security 6 07-22-2005 12:54 AM
OpenSSH, root login Duudson Linux - Security 7 01-30-2005 07:25 AM
Security Compromise apache Linux - Security 16 08-07-2004 10:29 PM
Has anyone seen anything posted on the bell.ca RDNS compromise? chort Linux - Security 3 12-06-2003 07:45 AM
Segfaults in commands, possible compromise? afubini Linux - Security 2 10-15-2003 06:51 AM


All times are GMT -5. The time now is 12:12 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration