Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability

[Alain Tesio <alain@onesite.org>]

On Tue, 25 Jun 2002 14:50:30 +0000 (UTC)
Rob Andrews <rob@impure.org.uk> wrote:

> 
> Oh, the package created an 'sshd' user, and set it's homedir to
> $HOMEDIRS/sshd, but didn't create the homedir itself. Since there isn't any
> PoC code to test this with, I don't know how the chroot will end up. Anyone
> got any ideas? I'd hate for the sandbox to end up being /.

I installed it on woody, no problem (I didn't understand what's the problem
with PAM, I have the default config with no authentification I can
think at other than /etc/passwd and /etc/shadow)

Indeed it's using a chroot call relatively early, it changes the user to sshd
and the group to nogroup :

[pid 11197] chroot("/var/run/sshd")     = 0
[pid 11197] chdir("/")                  = 0
[pid 11197] getuid32()                  = 0
[pid 11197] setgid32(0xfffe)            = 0
[pid 11197] open("/etc/group", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 11197] setgroups32(0x1, 0x8094128) = 0
[pid 11197] setgid32(0xfffe)            = 0
[pid 11197] setuid32(0x6d)              = 0
[pid 11197] getuid32()                  = 109
[pid 11197] geteuid32()                 = 109

Alain


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org