OpenSSH

James Spinks james at angelos.ftech.co.uk
Tue Jun 25 04:44:02 PDT 2002


Quoting Thomas Lussnig <thomas.lussnig at bewegungsmelder.de>:
> I received from RUS-CERT the news that OpenSSH including Version 3.3 has 
> a security leak. It was not exactly defined by the openssh team. But
> they say with security separation it should be safe. Exact details 
> should come on 1. July.


I already got this from Olaf at SuSE:

---------------
There's a new vulnerability in the OpenSSH daemon. The OpenSSH/OpenBSD
team does not release any details concerning this issue, except:

 -      This bug still exists in the most recent version, 3.3

 -      They are asking all users to upgrade to version 3.3 (sic),
         and enable the PrivilegeSeparation option.

Setting PrivilegeSeparation to on causes large portions of the daemon
to run in a so-called "chroot jail", i.e. in a very restricted environment.
An attacker breaking this part of the SSH daemon will *not* obtain full
root privilege (as he would if sshd runs without this option), but
will find himself in an empty directory, inside a process running as
a non privileged user (he can still do some harm this way, but it's
a far cry from full root powers, of course). 
---------------


The following appeared on Slashdot.org:
http://slashdot.org/article.pl?sid=02/06/24/1912215&mode=thread&tid=167
http://bsd.slashdot.org/article.pl?sid=02/06/22/1831224&tid=172


And an explanation of the new Privilege Separation:
http://www.citi.umich.edu/u/provos/ssh/privsep.html


Again, this looks like the OpenSSH team are being as paranoid as possible and
this Privilege Separation is to protect against the potential outcome of a
potential remote exploit of the SSHd.

-- 
James Spinks
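
An added example, not part of the original message or of OpenSSH itself: a shell check that reports which privilege separation setting an sshd_config actually yields. It assumes the option's sshd_config keyword is UsePrivilegeSeparation (the message calls it "PrivilegeSeparation"); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the value sshd will use for UsePrivilegeSeparation.
# sshd_config keywords are case-insensitive and the first value read wins.

privsep_setting() {   # $1 = path to sshd_config; prints the value or "unset"
    awk '
        /^[ \t]*#/ { next }          # comment line
        /^[ \t]*$/ { next }          # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)            # keyword ends at space or "="
            if (n == 0) next
            if (tolower(substr(line, 1, n - 1)) != "useprivilegeseparation") next
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)      # drop the separator
            split(val, parts, /[ \t]+/)
            print parts[1]; found = 1; exit      # first occurrence is effective
        }
        END { if (!found) print "unset" }
    ' "$1"
}

audit_privsep() {     # returns 0 = enabled, 1 = disabled, 2 = needs a manual look
    v=$(privsep_setting "$1")
    case "$v" in
        # "sandbox" is a value accepted by later OpenSSH releases
        yes|sandbox) echo "OK:   $1: UsePrivilegeSeparation $v"; return 0 ;;
        no)          echo "FAIL: $1: privilege separation is disabled"; return 1 ;;
        unset)       echo "WARN: $1: not set, the installed version's default applies"; return 2 ;;
        *)           echo "WARN: $1: unrecognised value '$v'"; return 2 ;;
    esac
}

# Constructed sample config: the later "yes" is ignored because "no" is read first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#UsePrivilegeSeparation yes
useprivilegeseparation no
UsePrivilegeSeparation yes
EOF
audit_privsep "$sample" || true
rm -f "$sample"
```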