Subject: Re: Fwd: OpenSSH UseLogin proof of concept exploit
To: Emre Yildirim <emre.yildirim@us.army.mil>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: netbsd-users
Date: 12/06/2001 04:23:51

hi,

On Wed, Dec 05, 2001 at 09:21:48PM -0600, Emre Yildirim wrote:
> > though i still think there should be NetBSD security advisory released
> > and appropriate patches made. not every user of NetBSD is subscribed
> > there and someone could have UseLogin allowed for various reasons.
>
> Is this enabled by default?  I'm not at my box right now, so I can't
> really check.

fortunately not, unless someone has set it for various reasons.

<snip>

OpenSSH 3.0.2 has just been released.
[...]

Important Changes:
==================

        This release fixes a vulnerability in the UseLogin option
        of OpenSSH.  This option is not enabled in the default
        installation of OpenSSH.

        However, if UseLogin is enabled by the administrator, all
        versions of OpenSSH prior to 3.0.2 may be vulnerable to
        local attacks.

        The vulnerability allows local users to pass environment
        variables (e.g. LD_PRELOAD) to the login process.  The login
        process is run with the same privilege as sshd (usually
        with root privilege).

        Do not enable UseLogin on your machines or disable UseLogin
        again in /etc/sshd_config:
		    UseLogin no
[...]

</snip>

regards,

-- 
-- Lubomir Sedlacik <salo@Xtrmntr.org>   ASCII Ribbon campaign against  /"\ --
--                  <salo@silcnet.org>   e-mail in gratuitous HTML and  \ / --
--                                       Microsoft proprietary formats   X  --
-- PGPkey: http://Xtrmntr.org/salo.pgp                                  / \ --
-- Key Fingerprint: DBEC 8BEC 9A90 ECEC 0FEF  716E 59CE B70B 7E3B 70E2      --

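
An added example, not part of the original message or of the OpenSSH release notes: a small audit function that reports the effective UseLogin setting of an sshd_config file, such as the /etc/sshd_config named in the advisory. It relies on sshd's documented parsing rules (keywords are case-insensitive and the first value given for a keyword is the one used); the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Report the effective UseLogin setting of an sshd_config file.
# Usage: uselogin_state /etc/sshd_config   (reads stdin when no file is given)
# Prints one of: enabled | disabled | invalid | default
#   default = keyword absent (the advisory states UseLogin is off by default)
uselogin_state() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # drop leading whitespace
            if (line == "" || line ~ /^#/) next   # blank line or comment
            # keyword and argument are separated by whitespace or one "="
            n = match(line, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1)) # keywords are case-insensitive
            if (key != "uselogin") next
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)       # strip the separator
            sub(/[ \t]+$/, "", val)               # strip trailing whitespace
            if (val == "yes")     print "enabled"
            else if (val == "no") print "disabled"
            else                  print "invalid"
            found = 1
            exit                                  # first value wins; stop here
        }
        END { if (!found) print "default" }
    ' "$@"
}

# Constructed sample configuration (not taken from a real host).
sample_config() {
    cat <<'EOF'
# sshd_config (constructed example)
Port 22
#UseLogin no
  uselogin yes
UseLogin no
EOF
}

# The commented line is ignored and the first real entry wins,
# so the later "UseLogin no" does not take effect.
sample_config | uselogin_state
```

A result of `enabled` on a host running a release prior to 3.0.2 is the combination the advisory describes as potentially vulnerable.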