[ale] ssh remote root exploit :-(

[John Mills]

ALErs -

On Mon, 24 Jun 2002, David Bronson wrote:

> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102495293705094&q=raw

>From the linked note:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
However, everyone should update to OpenSSH 3.3 immediately, and enable
priv seperation in their ssh daemons, by setting this in your
/etc/ssh/sshd_config file:

        UsePrivilegeSeparation yes

Depending on what your system is, privsep may break some ssh
functionality.  However, with privsep turned on, you are immune from
at least one remote hole.  Understand?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

I'm building openssh-3.3p1 from sources, and wondered which user to name
for the 'separated' user. I chose 'nobody' but don't know if this was a
good option.

At startup I was told that '/var/empty' did not exist, so I created
it. 'sshd' started, but I am not yet connecting successfully with
'UsePrivilegeSeparation yes' (works OK with 'no').

Thanks for any comments.

 - John Mills


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.