On the ssh notices...

E Frank Ball frankb at efball.com
Tue Dec 4 16:25:45 PST 2001


On Fri, Nov 30, 2001 at 10:37:59AM -0800, ME wrote:
} The first message with URL suggests even 2.9.9p2 is open. The followup
} suggests that this is not the case. However, the ssh1 crc compensation
} attack (with the int problem) may be/have been a different exploit than
} the one discussed in the URL of the first post.
} 
} Both published here for you to watch for more news on ssh exploits.
} 
} (A bugtraq post a few days ago included ref to a bug in openssh 3.0.0 and
} a rumored bug in 3.0.1 but no specifics were offered - suggesting the
} open ssh 3.0.1 issue to be *just* a rumor at this point.)

Found this on Newsgroup: comp.os.linux.security

Is this as serious as it sounds?
--------------------------------

OpenSSH 3.0.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
...
        This release fixes a vulnerability in the UseLogin option
        of OpenSSH.  This option is not enabled in the default
        installation of OpenSSH.

        However, if UseLogin is enabled by the administrator, all
        versions of OpenSSH prior to 3.0.2 may be vulnerable to
        local attacks.

        The vulnerability allows local users to pass environment
        variables (e.g. LD_PRELOAD) to the login process.  The login
        process is run with the same privilege as sshd (usually
        with root privilege).

        Do not enable UseLogin on your machines or disable UseLogin
        again in /etc/sshd_config:
                UseLogin no

-- 

   E Frank Ball                efball at efball.com
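
Added example, not part of the original post or of OpenSSH: a small Python check for the condition the advisory describes, given sshd_config text and a version banner. The function names, sample config and banner are constructed for illustration; it assumes sshd's rule that the first value obtained for a keyword wins, and conservatively treats "yes" or "true" in any letter case as enabled.

```python
import re

FIXED = (3, 0, 2)  # release the advisory names as carrying the UseLogin fix

def uselogin_enabled(config_text):
    """True if the first UseLogin directive enables it (default is off)."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directive
        # keyword and argument are separated by whitespace or a single '='
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m or m.group(1).lower() != "uselogin":
            continue
        tokens = m.group(2).split()
        # first occurrence decides; later UseLogin lines are ignored
        return bool(tokens) and tokens[0].strip('"').lower() in ("yes", "true")
    return False

def parse_version(banner):
    """Extract (major, minor, patch) from a banner such as OpenSSH_2.9.9p2."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?", banner)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def assess(banner, config_text):
    """Combine both facts into a short finding string."""
    if not uselogin_enabled(config_text):
        return "ok: UseLogin is off"
    version = parse_version(banner)
    if version is None:
        return "review: UseLogin is on, version unknown"
    if version < FIXED:
        return "exposed: UseLogin is on and version predates 3.0.2"
    return "review: UseLogin is on, fixed version installed"

# Constructed sample input (not taken from any real host)
SAMPLE_CONFIG = """\
# UseLogin no
Port 22
uselogin = yes
UseLogin no
"""
SAMPLE_BANNER = "OpenSSH_2.9.9p2"

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```

The sample shows why a simple search for "UseLogin no" is not enough: the commented line and the later "no" are both ignored, and the earlier "uselogin = yes" is the setting in effect.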


