Bugtraq mailing list archives
Re: Fix for ssh-1.2.27 symlink/bind problem
From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Mon, 25 Oct 1999 19:05:01 -0400
Markus Friedl:
> On Wed, Oct 06, 1999 at 11:11:12AM -0400, Wietse Venema wrote:
> > This is the second SSH vulnerability involving bind() (the other
> > one involves port forwarding). They really ought to learn to perform
> > operations with the right privilege level. With a little tooling
> > (such as set_eugid()) it is quite easy.
>
> please note, that ssh dropped support for uid-swapping beginning
> with version 1.2.13: in order to avoid leakage of the private
> hostkey (e.g. in core-dumps)

I was talking about seteuid(), which leaves real uid == 0, so that the process remains protected against groping by unprivileged users.

What was that with core dumps again? Any program that has access to secrets such as host keys should disable core dumps; not doing so would be negligent.

Wietse