jeremy |
03-07-2002 10:37 AM |
OpenSSH Local Root Compromise is Possible
The bug, a simple off by one error, exists in all version of OpenSSH from OpenSSH versions 2.0 - 3.0.2 which covers quite a bit of time.
Quote:
Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client.
|
A fix is available at http://www.openssh.com so you should stop reading this and go upgrade now.
--jeremy
http://www.pine.nl/advisories/pine-cert-20020301.txt
|