Kelly Black <kelly-black at mediaone.net> wrote:
>
> Crap:
> Local root hole.  Could be more remote, but untested...
> More info here:
> http://www.pine.nl/advisories/pine-cert-20020301.txt

If the hole is also remotely-exploitable, ignore me, but I think most
folks can just `chmod -s /usr/bin/ssh' (removing the Set-UID flag) without
patching.  Of course, that's only a stop-gap solution.

SSH works fine without the Set-UID flag set, though I think you can't do
ssh RSA/DSA public key authentication (but that might no longer be the
case).

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   I'm writing an unauthorized
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   autobiography.
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]