Date: Thu, 27 Aug 2015 09:08:13 -0400 From: Mike Tancsa <mike@sentex.net> To: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:22.openssh Message-ID: <55DF0BBD.1080206@sentex.net> In-Reply-To: <86h9nlqjmn.fsf@nine.des.no> References: <20150825212749.C154016C9@freefall.freebsd.org> <55DE0E74.4040000@sentex.net> <86h9nlqjmn.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/27/2015 3:24 AM, Dag-Erling Smørgrav wrote: > Mike Tancsa <mike@sentex.net> writes: >> I know RELENG_8 is no longer supported, but does this issue impact >> FreeBSD 8.x ? > > Note that of the three issues mentioned here, one is not exploitable by > an attacker and the other two presuppose a compromised pre-auth child. For the latter two, I am trying to understand in the context of a shared hosting system. Could one user with sftp access to their own directory use these bugs to gain access to another user's account ? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55DF0BBD.1080206>