informacja pochodzi z serwisu BSDZine:
Markus Friedl opublikował oficjalny anons dotyczący wydania OpenSSH 3.0.2. Jak pisałem w komentarzu do historii o OpenSSH, wersja 3.0.2 naprawia błąd, dzięki któremu lokalny użytkownik systemu może wykonać dowolny kod z uprawnieniami z jakimi chodzi login oraz sshd, czyli zazwyczaj roota. Błąd występuje we wszystkich wersjach OpenSSH do wersji 3.0.1 włącznie i jest związany z opcją UseLogin Yes w sshd_config. W dalszej części historii znajduje się oficjalny anons.
Date: Tue, 4 Dec 2001 13:48:19 +0100
From: Markus Friedl <Markus_Friedl@genua.de> To: security-announce@openbsd.org
Subject: OpenSSH 3.0.2 fixes UseLogin vulnerability
OpenSSH 3.0.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued support and encouragement.
Important Changes:
This release fixes a vulnerability in the UseLogin option of OpenSSH. This option is not enabled in the default installation of OpenSSH.
However, if UseLogin is enabled by the administrator, all versions of OpenSSH prior to 3.0.2 may be vulnerable to local attacks.
The vulnerability allows local users to pass environment variables (e.g. LD_PRELOAD) to the login process. The login process is run with the same privilege as sshd (usually with root privilege).
Do not enable UseLogin on your machines or disable UseLogin again in /etc/sshd_config: UseLogin no
We also have received many reports about attacks against the crc32 bug. This bug has been fixed about 12 months ago in OpenSSH 2.3.0. However, these attacks cause non-vulnerable daemons to chew a lot of cpu since the crc32 attack sends a tremendously large amount of data which must be processed.
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.
The following patch fixes the UseLogin vulnerability in OpenSSH 3.0.1 and earlier releases.
- session.c 11 Oct 2001 13:45:21 -0000 1.108
+++ session.c 1 Dec 2001 22:14:39 -0000 @@ -875,6 +875,7 @@
child_set_env(&env, &envsize, „TZ”, getenv(„TZ”));
/* Set custom environment options from RSA authentication. */
+ if (!options.use_login)
while (custom_environment) {
struct envstring *ce = custom_environment;
char *s = ce->s;
Archiwalny news dodany przez użytkownika: spaceman.
Kliknij tutaj by zobaczyć archiwalne komentarze.