James Spinks james at
Tue Jun 25 04:44:02 PDT 2002

Quoting Thomas Lussnig <thomas.lussnig at>:
> i recived from RUS-CERT the news that OpenSSH including Version 3.3 has 
> an security leak. It was not exactly defined by the openssh team. But
> they say with security separation it should be safe. Exact details 
> should come on 1. July.

I already got this from Olaf at SuSE:

There's a new vulnerabiltiy in the OpenSSH daemon. The OpenSSH/OpenBSD
team does not release any details concerning this issue, except:

 -      This bug still exists in the most recent version, 3.3

 -      They are asking all users to upgrade to version 3.3 (sic),
         and enable the PrivilegeSeparation option.

Setting PrivilegeSeparation to on causes large portions of the daemon
to run in a so-called "chroot jail", i.e. in a very restricted environment.
An attacker breaking this part of the SSH daemon will *not* obtain full
root privilege (as he would if sshd runs without this option), but
will find himself in an empty directory, inside a process running as
a non privileged user (he can still do some harm this way, but it's
a far cry from full root powers, of course). 

The following appeared on

And an explanation of the new Privilege Seperation:

Again, this looks like the OpenSSH team are being as paranoid as possible and
this Privilege Seperation is to protect against the potential outcome of a
potential remote exploit of the SSHd.

James Spinks
Unsubscribe: send email to listar at
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list