[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] OpenSSH again - not really.
- To: <pdt@xxxxxxxxxxxxxx>, "Dumitru Stama" <dics@xxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] OpenSSH again - not really.
- From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
- Date: Tue, 23 Sep 2003 16:18:07 -0600
It looks possibly exploitable, but it needs privsep disabled. Many vendors
now enable privsep by default (in my opinion if a vendor does not or can not
enable privsep by default they have a misconfigured/broken OpenSSH package).
The workaround is pretty trivial, make sure the following line occurs in
your sshd config file:
UsePrivilegeSeparation yes
On recent Red Hat Linux versions and many others this is the default. You
can check that privsep is working, log in via ssh and do a process listing,
for each ssh connection you should see a pair of processes:
root 32624 0.0 0.1 6752 1916 ? S 16:06 0:00
/usr/sbin/sshd
seifried 32626 0.0 0.2 6776 2156 ? R 16:06 0:00
/usr/sbin/sshd
or
root 28354 0.0 0.1 372 1008 ?? Is 3:43PM 0:00.03 sshd:
seifried [priv] (sshd)
seifried 15019 0.0 0.1 416 912 ?? S 3:43PM 0:00.85 sshd:
seifried@ttyp0 (sshd)
As opposed to just one process running as root. Use privsep, be happy, don't
worry.
Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html