Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
Hi,
Johannes Verelst wrote:
>
> Summarized, this exploit only works if you have in your sshd_config:
>
> PAMAuthenticationViaKbdInt yes
> UsePrivilegeSeparation no
>
> The default values for both my unstable and stable debian boxes appear
> to be:
>
> PAMAuthenticationViaKbdInt no
> UsePrivilegeSeparation yes

potato box, installed potato:
PAMAuthenticationViaKbdInt yes
#UsePrivilegeSeparation yes

woody box, installed potato&upgraded:
PAMAuthenticationViaKbdInt yes
#UsePrivilegeSeparation yes

woody box, installed woody:
PAMAuthenticationViaKbdInt no
UsePrivilegeSeparation yes

But I think I am also not vulnerable because privsep is default since
3.3.
Regards,
Ralf Dreibrodt
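
An added example, not part of the original message: a small Python audit of the two directives discussed in this thread, showing why a commented-out `#UsePrivilegeSeparation yes` line makes the result depend on the default of the installed sshd. The function names, the default tables and the sample files are constructed assumptions.

```python
# Audit sshd_config text for the two settings named in the quoted summary.
KEYS = ("pamauthenticationviakbdint", "useprivilegeseparation")

# Assumed default tables (not taken from OpenSSH source): privsep "yes" follows
# the message's statement about 3.3 and later; the rest are placeholders.
DEFAULTS_SINCE_3_3 = {"pamauthenticationviakbdint": "no", "useprivilegeseparation": "yes"}
DEFAULTS_OLDER = {"pamauthenticationviakbdint": "no", "useprivilegeseparation": "no"}

# Constructed sample files mirroring the boxes listed in the message.
POTATO = "PAMAuthenticationViaKbdInt yes\n#UsePrivilegeSeparation yes\n"
WOODY = "PAMAuthenticationViaKbdInt no\nUsePrivilegeSeparation yes\n"

def effective(config_text, defaults):
    """Return the effective value of each audited keyword.

    A commented-out line sets nothing, so the default applies.
    Assumption: sshd keeps the first value it reads for a keyword.
    """
    values = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        key = fields[0].lower()  # keywords are case-insensitive
        if key in KEYS and len(fields) > 1 and key not in values:
            values[key] = fields[1].lower()
    return {k: values.get(k, defaults[k]) for k in KEYS}

def exposed(config_text, defaults):
    """True when both conditions from the quoted summary hold."""
    eff = effective(config_text, defaults)
    return (eff["pamauthenticationviakbdint"] == "yes"
            and eff["useprivilegeseparation"] == "no")

if __name__ == "__main__":
    for name, text in (("potato", POTATO), ("woody", WOODY)):
        for label, d in (("since 3.3", DEFAULTS_SINCE_3_3), ("older", DEFAULTS_OLDER)):
            print(name, label, effective(text, d), "exposed:", exposed(text, d))
```

Setting `UsePrivilegeSeparation yes` explicitly, as on the fresh woody install, removes the dependence on the default.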