Bugtraq mailing list archives
Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]
From: egriffis () COMMONTECH COM (Eric Griffis)
Date: Thu, 30 Sep 1999 12:04:14 -0700
This race condition was pointed out to me a little while before my message made it to the list, and I am still puzzled as to how one would get the timing right to perform such a maneuver. Is there a way to somehow detect that there's been an lstat performed without being superuser? Also, I think the amount of processor time it takes to create a symbolic link is multiple times larger than the amount of time between the return of lstat and actual socket creation, which would require the sshd process to hang temporarily or be seriously slowed down. Is that feasible? How would these things be done, or is there something I missed?

I'm very familiar with C and the unix environment, but the security-related aspects still puzzle me somewhat. Even though this isn't the most critical security issue, I appreciate any feedback.

Okay, I see a few other messages about popen, permissions and such... At the moment, I believe disabling remote agent services entirely is the only sure way to remedy the whole issue, which will require password authentication. And sshd needs to be run as root to perform authentication. I don't think there's an easy way around that one.

-Eric
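An added example, not part of the original post and not ssh's own code: one way to avoid the lstat-then-create window discussed above is to bind the socket inside a directory created atomically with mkdtemp(), so no separate existence check is needed. The function name `make_private_socket`, the `/tmp/agent-XXXXXX` template and `agent.sock` are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes mkdtemp() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: returns a listening Unix socket fd, or -1 on error.
 * The socket path is copied into path_out (caller-supplied buffer). */
int make_private_socket(char *path_out, size_t len)
{
    char dir[] = "/tmp/agent-XXXXXX";   /* constructed template */
    struct sockaddr_un sa;
    struct stat st;
    int fd = -1;

    /* mkdtemp() creates the directory atomically with mode 0700 and never
     * reuses an existing name, so there is no lstat-then-create gap. */
    if (mkdtemp(dir) == NULL)
        return -1;
    /* Sanity check on what was created: a directory, ours, owner-only. */
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0)
        goto fail;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    if ((size_t)snprintf(sa.sun_path, sizeof sa.sun_path, "%s/agent.sock", dir)
            >= sizeof sa.sun_path ||
        (size_t)snprintf(path_out, len, "%s", sa.sun_path) >= len)
        goto fail;
    /* No other unprivileged user can create entries inside dir, and bind()
     * refuses a path that already exists. */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0)
        goto fail;
    if (listen(fd, 5) != 0) {
        unlink(sa.sun_path);
        goto fail;
    }
    return fd;
fail:
    if (fd >= 0) close(fd);
    rmdir(dir);
    return -1;
}
```

The caller is responsible for unlinking the socket and removing the directory when the session ends.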