Subject: Re: Fwd: OpenSSH UseLogin proof of concept exploit
To: Emre Yildirim <emre.yildirim@us.army.mil>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: netbsd-users
Date: 12/06/2001 04:23:51
hi,
On Wed, Dec 05, 2001 at 09:21:48PM -0600, Emre Yildirim wrote:
> > though i still think there should be NetBSD security advisory released
> > and appropriate patches made. not every user of NetBSD is subscribed
> > there and someone could have UseLogin allowed for various reasons.
>
> Is this enabled by default? I'm not at my box right now, so I can't
> really check.
fortunately not, unless someone hasn't set it for various reasons.
<snip>
OpenSSH 3.0.2 has just been released.
[...]
Important Changes:
==================
This release fixes a vulnerability in the UseLogin option
of OpenSSH. This option is not enabled in the default
installation of OpenSSH.
However, if UseLogin is enabled by the administrator, all
versions of OpenSSH prior to 3.0.2 may be vulnerable to
local attacks.
The vulnerability allows local users to pass environment
variables (e.g. LD_PRELOAD) to the login process. The login
process is run with the same privilege as sshd (usually
with root privilege).
Do not enable UseLogin on your machines or disable UseLogin
again in /etc/sshd_config:
UseLogin no
[...]
</snip>
regards,
-- 
-- Lubomir Sedlacik <salo@Xtrmntr.org>   ASCII Ribbon campaign against  /"\ --
-- <salo@silcnet.org>                    e-mail in gratuitous HTML and  \ / --
--                                       Microsoft proprietary formats   X  --
-- PGPkey: http://Xtrmntr.org/salo.pgp                                  / \ --
-- Key Fingerprint: DBEC 8BEC 9A90 ECEC 0FEF 716E 59CE B70B 7E3B 70E2      --
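
A check for the workaround quoted in the announcement above, as an added example that is not part of the original message or of OpenSSH: it reports the effective UseLogin value in a given sshd_config file. The function names `uselogin_state` and `audit_uselogin` are hypothetical, and the script assumes the sshd_config(5) rule that the first value read for a keyword is the one used.

```shell
#!/bin/sh
# Added example: report the effective UseLogin value in an sshd_config file.
# Assumption: sshd keeps the first value it reads for a keyword (sshd_config(5)).

uselogin_state() {
    # $1 = path to the config file; prints yes, no, unset or the raw value
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # ignore leading whitespace
        /^#/ || /^$/ { next }               # skip comment and blank lines
        tolower($1) == "uselogin" {         # keywords are case-insensitive
            val = tolower($2)
            gsub(/"/, "", val)              # tolerate a quoted argument
            print val; found = 1; exit      # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

audit_uselogin() {
    # exit status: 0 = UseLogin off, 1 = on or unrecognised, 2 = unreadable file
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    state=$(uselogin_state "$1")
    case $state in
        no|unset) echo "$1: UseLogin $state (login is not used)"; return 0 ;;
        yes)      echo "$1: UseLogin yes, set 'UseLogin no' or upgrade to OpenSSH 3.0.2"; return 1 ;;
        *)        echo "$1: UseLogin has unexpected value '$state'"; return 1 ;;
    esac
}
```

Run it as `audit_uselogin /etc/sshd_config`, or against whatever file the running sshd was started with if a different path was given with `-f`.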