Fwd: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

ME dugan at passwall.com
Mon Jan 6 12:42:28 PST 2003


See original announcement:
http://online.securityfocus.com/archive/1/305311/2003-01-03/2003-01-09/0

Summary: requires PAM, and enabling of PAM auth in sshd_config

Also a summary from the above URL:

WORK AROUND
  - -----------

  As mentioned in http://www.openssh.com/txt/preauth.adv, and as
  demonstrated by noir in http://www.phrack.org/phrack/60/p60-0x06.txt,
  "you can prevent privilege escalation if you enable
  UsePrivilegeSeparation in sshd_config."





More information about the talk mailing list