This also affects sshd though, doesn't it?  Don't both executables make use
of the channels.c code?

Jay

> -----Original Message-----
> From: Mike Hicks [mailto:hick0088 at tc.umn.edu] 
> Sent: Thursday, March 07, 2002 12:23 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] OpenSSH local root exploit
> 
> 
> Kelly Black <kelly-black at mediaone.net> wrote:
> >
> > Crap:
> > Local root hole.  Could be more remote, but untested...
> > More info here:
> > http://www.pine.nl/advisories/pine-cert-20020301.txt
> 
> If the hole is also remotely-exploitable, ignore me, but I think most
> folks can just `chmod -s /usr/bin/ssh' (removing the Set-UID flag)
> without patching..  Of course, that's only a stop-gap solution.
> 
> SSH works fine without the Set-UID flag set, though I think you can't
> do ssh RSA/DSA public key authentication (but that might no longer be
> the case).
> 
> -- 
>  _  _  _  _ _  ___    _ _  _  ___ _ _  __   I'm writing an unauthorized
> / \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   autobiography.
> \_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)
> [ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
>