Results 1 to 2 of 2

Thread: SSH Restricted Shell Escaping Command Execution Vulnerability.

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    SSH Restricted Shell Escaping Command Execution Vulnerability.

    SSH Restricted Shell Escaping Command Execution Vulnerability

    Source: SecurityFocus.

    SSH (and derivatives) is the protocol Secure Shell protocol
    implementation. It is available for various operating systems, although
    this vulnerability affects operating systems such as Unix and Linux.

    A problem with the package could make it possible for remote users to
    execute unauthorized programs. The problem is in the handling of command
    line execution.

    Most versions of SSH permit the execution of commands remotely via the
    supplying the command name wrapped in single quotes. This can allow
    remote users to execute commands without logging directly into a shell on
    the system.

    It has been reported that it is possible for a remote user to upload files
    to world-writeable directories, and execute commands from world-writeable
    directories. In doing so, a user may be able to upload a script, and
    execute the script to gain access to a regular shell on the system. This
    would allow the user unrestricted, but unprivileged access.

    SecurityFocus staff have been unable to reproduce this vulnerability with
    OpenSSH version 3.1p1.

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    711
    Hmmm... might be an interesting one to try to reproduce - though, last I remember, I thought SSH was supposed to drop all extended privs before fork-exec'ing a shell on the user's behalf. Then again, perhaps it's a caveat with the way command invocation works (versus an interactive shell).

    Though looking at the vulnerable versions, it also would appear that it's the old SSH daemons that no one should be using anymore, anyway (ie. old F-Secure 1.x and early 2.x daemons). Time to go futz around... (if I find anything, I'll let everyone know)

    Oh well... caveat emptor, I guess.
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •