[lists@globalintersec.com: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS]

ME dugan at passwall.com
Mon Jan 6 13:30:40 PST 2003


Even if this is a hoax, looking over the list, the PAM option is not
enabled by default from a source-based install, and people on top of
things should have Priv Sep enabled anyway.

(forwarding your inclusion to lugod lists too.)

troy said:
> Don't panic yet...
>
> 	From: Global InterSec Research <lists at globalintersec.com>
> 	As some may have gathered, the advisory recently posted by
> 	mmhs at hushmail.com was indeed a fake, intended to highlight several
> 	unclear statements made in GIS2002062801.
>
> Enabling UsePrivilegeSeparation is still a good idea though...
> Red Hat never provided packages with that capability, did they?
>
>
> -ta
>
>
> ----- Forwarded message from Global InterSec Research
> <lists at globalintersec.com> -----
>
> From: Global InterSec Research <lists at globalintersec.com>
> Subject: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
> Date: Mon, 06 Jan 2003 20:05:32 +0000
> Message-Id: <4.2.0.58.20030106192323.02d792e0 at 193.133.49.25>
> X-Mailer: UNKNOWN
> To: bugtraq at securityfocus.com
> Delivered-To: mailing list bugtraq at securityfocus.com
> Delivered-To: moderator for bugtraq at securityfocus.com
>
>
> As some may have gathered, the advisory recently posted by
> mmhs at hushmail.com was indeed a fake, intended to highlight several
> unclear statements made in GIS2002062801.
>
> The advisory in question is currently being updated with more detailed
> information and will be re-posted at:
> http://www.globalintersec.com/adv/openssh-2002062801.txt as soon as it
> becomes available.
>
> Note that the kbd-init flaw described in GIS2002062801 was proven to be
> exploitable in our lab although not all evidence to demonstrate this was
> provided in the original advisory. A mistake was made in the original
> advisory draft, where chunk content data was shown, rather than the
> entire corrupted malloc chunk. This will be amended in the revision.
>
> Also note that to our knowledge there are currently no known,
> exploitable flaws in OpenSSH 3.5p1, due to its use of PAM as suggested
> by mmhs at hushmail.com. It is almost certain that the posted bogus
> advisory was also intended to cause alarm amongst communities using
> OpenSSH, through misinformation.
>
>
> Global InterSec LLC.
>
> ----- End forwarded message -----
