OpenSSH Local User Privilege Escalation Vulnerability

    Date: 07 Mar 2002
    Category: Cryptography
    Posted By: Anthony Pell

    "A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2. Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client."

    Many vendors have already issued advisories. Check out the LinuxSecurity Advisory page for a complete listing.

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -----------------------------------------------------------------------------
    Pine Internet Security Advisory
    - -----------------------------------------------------------------------------
    Advisory ID       : PINE-CERT-20020301
    Authors           : Joost Pol
    Issue date        : 2002-03-07
    Application       : OpenSSH
    Version(s)        : All versions between 2.0 and 3.0.2
    Platforms         : multiple
    Vendor informed   : 20020304
    Availability      : http://www.pine.nl/advisories/pine-cert-20020301.txt
    - -----------------------------------------------------------------------------

    Synopsis

        A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2
        Users with an existing user account can abuse this bug to
        gain root privileges. Exploitability without an existing
        user account has not been proven but is not considered
        impossible. A malicious ssh server could also use this bug
        to exploit a connecting vulnerable client.

    Impact

        HIGH: Existing users will gain root privileges.

    Description

        Simple off by one error. Patch included.

    Solution

        The OpenSSH project will shortly release version 3.1.

        Upgrading to this version is highly recommended.

        This version will be made available at http://www.openssh.com

        The FreeBSD port of OpenSSH has been updated to reflect the
        patches as supplied in this document.

        OpenSSH CVS has been updated, see

        http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ \
        channels.c.diff?r1=1.170&r2=1.171

        Or apply the attached patch as provided by PINE Internet:

        http://www.pine.nl/advisories/pine-cert-20020301.patch

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (FreeBSD)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAjyHaKkACgkQDNrSylhGGb3p2ACfXZu3WShzGT4Mp/LgwA6AZStu
    rtkAn3O83WzyNijdJ9+9OwLJxUcVj4Ld
    =j+Hz
    -----END PGP SIGNATURE-----
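
The advisory describes the flaw only as a "simple off by one error" in the channel code. The following is an added illustration, not OpenSSH's code and not the PINE patch: it assumes the error is an inclusive upper-bound comparison on a table index, and every name in it (table, TABLE_SLOTS, chan_lookup and the two checks) is hypothetical. It sweeps the boundary to show which index each check admits.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical channel table; names are illustrative, not OpenSSH's. */
#define TABLE_SLOTS 4

struct chan { int in_use; };
static struct chan table[TABLE_SLOTS];

/* Off-by-one: '>' lets id == TABLE_SLOTS through, one slot past the end. */
static int id_ok_buggy(int id)
{
    return !(id < 0 || id > TABLE_SLOTS);
}

/* Corrected: valid ids are 0 .. TABLE_SLOTS-1, so the bound is '>='. */
static int id_ok_fixed(int id)
{
    return !(id < 0 || id >= TABLE_SLOTS);
}

/* Lookup that only indexes the array after the corrected check. */
static struct chan *chan_lookup(int id)
{
    if (!id_ok_fixed(id))
        return NULL;
    return table[id].in_use ? &table[id] : NULL;
}

/* Boundary sweep: count ids a check accepts that lie outside the table.
   Never dereferences; it only evaluates the predicate. */
static int count_out_of_range_accepts(int (*check)(int))
{
    int bad = 0;
    for (int id = -2; id <= TABLE_SLOTS + 2; id++)
        if (check(id) && (id < 0 || id >= TABLE_SLOTS))
            bad++;
    return bad;
}

int main(void)
{
    table[1].in_use = 1; /* constructed sample state */
    printf("buggy check accepts %d out-of-range id(s)\n",
           count_out_of_range_accepts(id_ok_buggy));
    printf("fixed check accepts %d out-of-range id(s)\n",
           count_out_of_range_accepts(id_ok_fixed));
    printf("lookup(TABLE_SLOTS) -> %p\n", (void *)chan_lookup(TABLE_SLOTS));
    return 0;
}
```

A sweep like this works as a regression test for any index check that guards a fixed-size table: the count for the check in use must be zero.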