Results 1 to 2 of 2

Thread: Multiple Vulnerabilities in SSH Implementations

  1. December 20th, 2002, 11:28 AM #1
    the_JinX
    the_JinX is offline
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534

    Multiple Vulnerabilities in SSH Implementations

    source: cert.org

    The impact will vary for different vulnerabilities and products, but in severe cases, remote attackers could execute arbitrary code with the privileges of the SSH process. Both SSH clients and servers are affected, since both implement the SSH transport layer protocol. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges. In the case of SSH clients, any attacker-supplied code would run with at least the privileges of the user who started the client program. Additional privileges may be afforded to an attacker when the SSH client is setuid or setgid to a more privileged user, such as root. Attackers could also crash a vulnerable SSH process, causing a denial of service.

    Note: this doesn't apply for most newer linux distro's, as they come with openSSH wich doesn't seem to be affected by this.

    This all came to light by the rapid7 advisory..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.
    Get your ass over to SLAYRadio the best station for C64 Remixes !
    Reply With Quote Reply With Quote
  2. December 20th, 2002, 04:26 PM #2
    phaza7
    phaza7 is offline
    Banned
    Join Date
    Dec 2002
    Posts
    394
    Thanxs, for tha alert!

    Cert.org always on top of things

    Peace---phaza7;-)
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules