D&C Lug - Home Page
Devon & Cornwall Linux Users' Group

[ Date Index ][ Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]

[LUG] [SECURITY] [DSA-134-1] OpenSSH remote vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 24 June 2002 10:56 pm, Wichert Akkerman wrote:

Arghghghghhghgh this is the week of serious bugs!!

~ Theo

Package        : ssh
Problem type   : remote exploit
Debian-specific: no

Theo de Raadt announced that the OpenBSD team is working with ISS
on a remote exploit for OpenSSH (a free implementation of the
Secure SHell protocol). They are refusing to provide any details on
the vulnerability but instead are advising everyone to upgrade to
the latest release, version 3.3.

This version was released 3 days ago and introduced a new feature
to reduce the effect of exploits in the network handling code
called privilege separation.  Unfortunately this release has a few
known problems: compression does not work on all operating systems
since the code relies on specific mmap features, and the PAM
support has not been completed. There may be other problems as
well.

The new privilege separation support from Niels Provos changes ssh
to use a separate non-privileged process to handle most of the
work. This means any vulnerability in this part of OpenSSH can
never lead to a root compromise but only to access to a separate
account restricted to a chroot.

Theo made it very clear this new version does not fix the
vulnerability, instead by using the new privilege separation code
it merely reduces the risk since the attacker can only gain access
to a special account restricted in a chroot.



- -- 

Theo Zourzouvillys
http://zozo.org.uk/

Q:      Who cuts the grass on Walton's Mountain?
A:      Lawn Boy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9F6oI448CrwpTn6YRAuktAJ9xBwY8IxFJhpZe43MRF0HWJP3B/wCg1yvJ
WSCj1mxlKT0y27MRK9V0PLs=
=nPqY
-----END PGP SIGNATURE-----


--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.


Lynx friendly