OpenSSH local root hole.

Nothinman

According to a post here (deadly.org) this may only affect Linux systems and not BSD systems.

Because we know they're not biased or anything =)

It's also funny how this guy posted the same thing on slashdot and deadly:

Regardless of the four year mark being valid or not, this is the 3 release in a row of OpenSSH due to a local root exploit. Doesn't that bother anyone else, especially coming from a group that prides themselves (and very loudly at that) on security?
 

n0cmonkey



<< According to a post here (deadly.org) this may only affect Linux systems and not BSD systems.

Because we know they're not biased or anything =)
>>



Even if he is biased, there is enough information there for someone to test it on *BSD and let us know if this is true or not. If it does not affect BSD systems it is great to know. If he is wrong, I would love to know it so I can worry about my systems. I don't think this is 100% a bias issue.



<< It's also funny how this guy posted the same thing on slashdot and deadly:

Regardless of the four year mark being valid or not, this is the 3 release in a row of OpenSSH due to a local root exploit. Doesn't that bother anyone else, especially coming from a group that prides themselves (and very loudly at that) on security?
>>



/. and deadly get a lot of the same traffic. Sometimes I wish /. stopped providing deadly links so some people would stop creating noise (not necessarily that post because I think he has a valid point).

Thanks for the bump ;)

EDIT: It's on @misc, so there is a good chance it affects OpenBSD. FreeBSD says they are affected, so I'm looking into it. Either way it doesn't matter.
 

gaidin123

This message was sent out on the openbsd announce and security lists so I'd assume that it affects BSDs as well. After seeing that this morning I spent a good while upgrading all our servers running OpenSSH.

It is a little frustrating having to upgrade SSH more often than any of our other services (on the UNIX side of things) because security holes keep being found in it. :(

Gaidin
 

n0cmonkey



<< This message was sent out on the openbsd announce and security lists so I'd assume that it affects BSDs as well. After seeing that this morning I spent a good while upgrading all our servers running OpenSSH.

It is a little frustrating having to upgrade SSH more often than any of our other services (on the UNIX side of things) because security holes keep being found in it. :(

Gaidin
>>



Unfortunately I haven't been able to find any exploit code yet or I'd try it. Overall I'm glad they keep finding the problems rather than letting them go.
 

n0cmonkey

Yes, but the sudo exploit works only on the Linux platform. Glibc malloc is implemented as a linked list, with pointers to the prev and next chunk just after the allocated buffer, which can be overwritten. This allows fooling the UNLINK() macro in the free() code. I had the same problem when developing an exploit for wuftpd 2.6.1: only on modern Linux distros was it fully exploitable. Read my posts on vuln-dev.

Of course, OpenSSH installed on a *BSD platform in fact IS vulnerable, but this vulnerability can't be exploited.


I'll be searching vuln-dev now :D

EDIT: Don't see anything :/
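
Added illustration, not written by any poster in this thread: a simplified C model of the UNLINK() behaviour described in the last post, showing why overwritten prev/next pointers turn an unlink into a write outside the free list, and how a neighbour-consistency check rejects it. The struct, function names and corrupted values are constructed for the example; this is not glibc's actual code or chunk layout.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified free-chunk header (hypothetical model, not glibc's real layout). */
struct chunk { size_t size; struct chunk *fd, *bk; };

/* Old-style unlink: two writes through pointers read from the chunk itself. */
static int unlink_unchecked(struct chunk *p) {
    struct chunk *fd = p->fd, *bk = p->bk;
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* Hardened unlink: both neighbours must point back at p before any write. */
static int unlink_checked(struct chunk *p) {
    struct chunk *fd = p->fd, *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return -1;                       /* corrupted double-linked list */
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

/* Builds the circular list a <-> b <-> c, optionally overwrites b's links the
 * way an overflow from a neighbouring buffer would (constructed values), then
 * unlinks b. Returns 1 if memory outside the list (decoy) was written; *rc
 * receives the unlink return code. */
static int decoy_written(int corrupt, int checked, int *rc) {
    struct chunk a = {16, 0, 0}, b = {16, 0, 0}, c = {16, 0, 0}, decoy = {16, 0, 0};
    a.fd = &b; a.bk = &c;
    b.fd = &c; b.bk = &a;
    c.fd = &a; c.bk = &b;
    if (corrupt)
        b.fd = b.bk = &decoy;
    *rc = checked ? unlink_checked(&b) : unlink_unchecked(&b);
    return decoy.fd != NULL || decoy.bk != NULL;
}

int main(void) {
    int rc, w;
    printf("intact,    unchecked: decoy written=%d\n", decoy_written(0, 0, &rc));
    printf("corrupted, unchecked: decoy written=%d\n", decoy_written(1, 0, &rc));
    w = decoy_written(1, 1, &rc);
    printf("corrupted, checked:   decoy written=%d rc=%d\n", w, rc);
    return 0;
}
```

Later glibc releases perform a check of this kind in their unlink step and abort with "corrupted double-linked list" when the neighbours do not point back at the chunk being removed.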