
Thread: Multiple Vulnerabilities in SSH Implementations

  1. #1
    Leftie Linux Lover the_JinX
    Join Date
    Nov 2001
    Beverwijk Netherlands

    Multiple Vulnerabilities in SSH Implementations

    source: cert.org

    The impact will vary for different vulnerabilities and products, but in severe cases, remote attackers could execute arbitrary code with the privileges of the SSH process. Both SSH clients and servers are affected, since both implement the SSH transport layer protocol. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges. In the case of SSH clients, any attacker-supplied code would run with at least the privileges of the user who started the client program. Additional privileges may be afforded to an attacker when the SSH client is setuid or setgid to a more privileged user, such as root. Attackers could also crash a vulnerable SSH process, causing a denial of service.

    Note: this doesn't apply to most newer Linux distros, as they come with OpenSSH, which doesn't seem to be affected by this.

    This all came to light through the Rapid7 advisory.
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  2. #2
    Join Date
    Dec 2002
    Thanks for the alert!

    Cert.org always on top of things

