Date: Thu, 27 Aug 2015 15:50:58 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:22.openssh Message-ID: <864mjkrgal.fsf@nine.des.no> In-Reply-To: <55DF0BBD.1080206@sentex.net> (Mike Tancsa's message of "Thu, 27 Aug 2015 09:08:13 -0400") References: <20150825212749.C154016C9@freefall.freebsd.org> <55DE0E74.4040000@sentex.net> <86h9nlqjmn.fsf@nine.des.no> <55DF0BBD.1080206@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa <mike@sentex.net> writes: > For the latter two, I am trying to understand in the context of a shared > hosting system. Could one user with sftp access to their own directory > use these bugs to gain access to another user's account ? Once again: both of these are attacks on the main sshd process by the unprivileged child provess, so the attacker first has to gain control of said child using some other vulnerability. There is currently no known way to exploit them. The reason why an advisory was issued is that by definition, the unprivileged child is assumed to be hostile. http://blog.des.no/2015/08/openssh-pam-and-user-names/ DES -- Dag-Erling Smørgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?864mjkrgal.fsf>