From owner-freebsd-security  Wed Jun 26 11:46:40 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail1.infospace.com (mail1.infospace.com [206.29.197.87])
	by hub.freebsd.org (Postfix) with SMTP id B39A537BA53
	for <freebsd-security@freebsd.org>; Wed, 26 Jun 2002 11:43:54 -0700 (PDT)
Received: (qmail 11497 invoked from network); 26 Jun 2002 18:43:47 -0000
Received: from unknown (HELO absolut.inspinc.ad) (10.100.11.48)
  by jim.inspinc.ad with SMTP; 26 Jun 2002 18:43:47 -0000
Received: (qmail 15356 invoked from network); 26 Jun 2002 18:43:46 -0000
Received: from unknown (HELO ?10.99.33.65?) ([10.100.29.130]) (envelope-sender <william.carrel@infospace.com>)
          by absolut.inspinc.ad (qmail-ldap-1.03) with SMTP
          for <Jan.Lentfer@web.de>; 26 Jun 2002 18:43:46 -0000
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Wed, 26 Jun 2002 11:43:45 -0700
Subject: Re: OpenSSH Security (just a question, please no f-war)
From: William Carrel <william.carrel@infospace.com>
To: Jan Lentfer <Jan.Lentfer@web.de>,
	FreeBSD Security Mailling List <freebsd-security@FreeBSD.ORG>
Message-ID: <B93F5971.12FF3%william.carrel@infospace.com>
In-Reply-To: <1025116241.2817.2.camel@jan-linux.lan>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 6/26/02 11:30 AM, "Jan Lentfer" <Jan.Lentfer@web.de> wrote:

> Ok all,
> 
> i somewhat gave up to follow the OpenSSH conversation on the list. I
> have ONE question:
> 
> I am now running 3.3p1 on all my boxes (FreeBSD & Linux) with Privilige
> Separation enabled. Is this configuration secure for now or not?
> Do I have to update to 3.4 as soon as it is in ports or can I take a few
> days until everything has settled and calmed a little?

If and only if you have ChallengeResponseAuthentication set to "yes" then
you are vulnerable to a hole that will allow malicious code to be executed
as the privsep user ("sshd") in the /var/empty chroot().  This could lead to
further compromisation of your system (even inside the chroot as a
relatively unprivileged user).

-- 
William Carrel | Sr. Systems Engineer | william.carrel@infospace.com
InfoSpace INC  601 108th Ave NE | Suite 1200  | Bellevue, WA 98004 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message