[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <023101c38220$9156e020$1401000a@bigdog>
From: listuser at seifried.org (Kurt Seifried)
Subject: OpenSSH again - not really.
It looks possibly exploitable, but it needs privsep disabled. Many vendors
now enable privsep by default (in my opinion if a vendor does not or can not
enable privsep by default they have a misconfigured/broken OpenSSH package).
The workaround is pretty trivial, make sure the following line occurs in
your sshd config file:
UsePrivilegeSeparation yes
On recent Red Hat Linux versions and many others this is the default. You
can check that privsep is working, log in via ssh and do a process listing,
for each ssh connection you should see a pair of processes:
root 32624 0.0 0.1 6752 1916 ? S 16:06 0:00
/usr/sbin/sshd
seifried 32626 0.0 0.2 6776 2156 ? R 16:06 0:00
/usr/sbin/sshd
or
root 28354 0.0 0.1 372 1008 ?? Is 3:43PM 0:00.03 sshd:
seifried [priv] (sshd)
seifried 15019 0.0 0.1 416 912 ?? S 3:43PM 0:00.85 sshd:
seifried@...p0 (sshd)
As opposed to just one process running as root. Use privsep, be happy, don't
worry.
Kurt Seifried, kurt@...fried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
Powered by blists - more mailing lists