
Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS



On Mon, 2003-01-06 at 18:44, Domonkos Czinke wrote:
> FYI

Note:

> > Before the SSH server is actually executed, the sshd_config file should
> > be modified in order to enable PAM ("PAMAuthenticationViaKbdInt yes").

and

> > "you can prevent privilege escalation if you enable
> > UsePrivilegeSeparation in sshd_config."

Summarized, this exploit only works if you have in your sshd_config:

	PAMAuthenticationViaKbdInt yes
	UsePrivilegeSeparation no

The default values for both my unstable and stable Debian boxes appear
to be:

	PAMAuthenticationViaKbdInt no
	UsePrivilegeSeparation yes

(according to both manpage and the files themselves)

This means that, if you haven't modified your default sshd installation,
you are safe from this vulnerability.

Kind regards,

Johannes Verelst
-- 
jverelst@cs.uu.nl      | It is always possible to agglutinate multiple
johannes@verelst.net   | separate problems into a single complex inter-
johannes.verelst@eo.nl | dependent solution. In most cases this is a
PGP ID: 0xFED127BD     | bad idea. (RFC 1925, Truth 5)
http://www.verelst.net |
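
The check described in the message above, as an added example that is not part of the original post: a small Python audit that reads an sshd_config and reports whether both settings are in the state the message says the exploit needs. The function names and sample files are constructed for illustration, and the fallback defaults are the ones the message reports for its Debian boxes.

```python
# Defaults as reported in the message for its Debian boxes (an assumption
# for any other build of sshd).
DEFAULTS = {"pamauthenticationviakbdint": "no", "useprivilegeseparation": "yes"}


def effective_settings(config_text):
    """Return the effective values of the two options for an sshd_config text."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        # Keyword and argument are separated by whitespace, optionally with "=".
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].lower()  # keywords are case-insensitive
        if key in DEFAULTS and key not in seen:
            settings[key] = value  # sshd uses the first value it obtains
            seen.add(key)
    return settings


def is_exposed(config_text):
    """True only for the combination the message says the exploit needs."""
    s = effective_settings(config_text)
    return (s["pamauthenticationviakbdint"] == "yes"
            and s["useprivilegeseparation"] == "no")


# Constructed sample files, not taken from any real host.
SAMPLES = {
    "untouched": "# PAMAuthenticationViaKbdInt no\nPort 22\nProtocol 2\n",
    "modified": "PAMAuthenticationViaKbdInt yes\nUsePrivilegeSeparation no\n"
                "UsePrivilegeSeparation yes\n",
    "pam_only": "pamauthenticationviakbdint = yes\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "exposed" if is_exposed(text) else "not exposed")
```

The "modified" sample lists UsePrivilegeSeparation twice to show that a later "yes" does not override an earlier "no".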


