LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 03-07-2002, 11:37 AM   #1
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,628

Rep: Reputation: 2658Reputation: 2658Reputation: 2658Reputation: 2658Reputation: 2658Reputation: 2658Reputation: 2658Reputation: 2658Reputation: 2658Reputation: 2658Reputation: 2658
OpenSSH Local Root Compromise is Possible


The bug, a simple off by one error, exists in all version of OpenSSH from OpenSSH versions 2.0 - 3.0.2 which covers quite a bit of time.

Quote:
Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client.
A fix is available at http://www.openssh.com so you should stop reading this and go upgrade now.

--jeremy

http://www.pine.nl/advisories/pine-cert-20020301.txt
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
phpBB Compromise chris_yumm Linux - Security 6 07-22-2005 01:54 AM
OpenSSH, root login Duudson Linux - Security 7 01-30-2005 08:25 AM
Security Compromise apache Linux - Security 16 08-07-2004 11:29 PM
Has anyone seen anything posted on the bell.ca RDNS compromise? chort Linux - Security 3 12-06-2003 08:45 AM
Segfaults in commands, possible compromise? afubini Linux - Security 2 10-15-2003 07:51 AM


All times are GMT -5. The time now is 05:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration