Fwd: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
ME
dugan at passwall.com
Mon Jan 6 12:42:28 PST 2003
See original announcement:
http://online.securityfocus.com/archive/1/305311/2003-01-03/2003-01-09/0
Summary: requires PAM, and enabling of PAM auth in sshd_config
Also a summary from the above URL:
WORK AROUND
- -----------
As mentioned in http://www.openssh.com/txt/preauth.adv, and as
demonstrated by noir in http://www.phrack.org/phrack/60/p60-0x06.txt,
"you can prevent privilege escalation if you enable
UsePrivilegeSeparation in sshd_config."
More information about the talk
mailing list