|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: OpenSSH's UseLogin option allows remote access with root privilege.
From: Markus Friedl (markus.friedl
INFORMATIK.UNI-ERLANGEN.DE)Date: Mon Jun 12 2000 - 04:58:00 CDT
- Next message: stuart.mcclureFOUNDSTONE.COM: "IBM WebSphere JSP showcode vulnerability"
- Previous message: Alfred Perlstein: "Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)"
- In reply to: Phil Stracchino: "Re: OpenSSH's UseLogin option allows remote access with root privilege."
- Reply: Markus Friedl: "Re: OpenSSH's UseLogin option allows remote access with root privilege."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, Jun 10, 2000 at 02:54:25PM -0700, Phil Stracchino wrote:
> *** session.c.orig Fri May 19 19:49:31 2000
> --- session.c Fri Jun 9 23:45:28 2000
this is a bad patch, the check for (options.use_login && command
!= NULL) should be compiled into sshd even if USE_PAM is defined.
a correct patch is attached.
moreover, i got some complaints from people who ship OpenSSH and
did not get notified in advance. we don't all who ship OpenSSH,
so please tell me at <markusopenssh.com> if you want to get notified
in the future.
- text/plain attachment: 1_
- Next message: stuart.mcclureFOUNDSTONE.COM: "IBM WebSphere JSP showcode vulnerability"
- Previous message: Alfred Perlstein: "Re: Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)"
- In reply to: Phil Stracchino: "Re: OpenSSH's UseLogin option allows remote access with root privilege."
- Reply: Markus Friedl: "Re: OpenSSH's UseLogin option allows remote access with root privilege."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]