18 Sep
2002
18 Sep
'02
12:52
Hi, afaik SuSE 8.0 uses (after updates) the 3.4p1 version of openssh. Maybe thats interesting: http://online.securityfocus.com/archive/1/292015/2002-09-15/2002-09-21/0 (at last just for noticing ;) regards, Sven
18 Sep
18 Sep
13:21
New subject: [suse-security] OpenSSH 3.4p1 privsep
Sven 'Darkman' Michels wrote:
Hi,
afaik SuSE 8.0 uses (after updates) the 3.4p1 version of openssh. Maybe thats interesting: http://online.securityfocus.com/archive/1/292015/2002-09-15/2002-09-21/0 (at last just for noticing ;)
Well, there's close to nothing you can do against an evil root on Linux. I could ltrace the sshd-process and wait, until it calls crypt() - same problem, even without privsep. This is no vulnerability, as nonpriviledged users can't the the passwords. Ralph
7898
Age (days ago)
7898
Last active (days ago)
1 comments
2 participants
participants (2)
-
Ralph Angenendt
-
Sven 'Darkman' Michels