james at angelos.ftech.co.uk
Tue Jun 25 04:44:02 PDT 2002
Quoting Thomas Lussnig <thomas.lussnig at bewegungsmelder.de>:
> i recived from RUS-CERT the news that OpenSSH including Version 3.3 has
> an security leak. It was not exactly defined by the openssh team. But
> they say with security separation it should be safe. Exact details
> should come on 1. July.
I already got this from Olaf at SuSE:
There's a new vulnerabiltiy in the OpenSSH daemon. The OpenSSH/OpenBSD
team does not release any details concerning this issue, except:
- This bug still exists in the most recent version, 3.3
- They are asking all users to upgrade to version 3.3 (sic),
and enable the PrivilegeSeparation option.
Setting PrivilegeSeparation to on causes large portions of the daemon
to run in a so-called "chroot jail", i.e. in a very restricted environment.
An attacker breaking this part of the SSH daemon will *not* obtain full
root privilege (as he would if sshd runs without this option), but
will find himself in an empty directory, inside a process running as
a non privileged user (he can still do some harm this way, but it's
a far cry from full root powers, of course).
The following appeared on Slashdot.org:
And an explanation of the new Privilege Seperation:
Again, this looks like the OpenSSH team are being as paranoid as possible and
this Privilege Seperation is to protect against the potential outcome of a
potential remote exploit of the SSHd.
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
More information about the lfs-security