Dag-Erling Smørgrav
2015-Aug-27 07:24 UTC
FreeBSD Security Advisory FreeBSD-SA-15:22.openssh
Mike Tancsa <mike at sentex.net> writes:> I know RELENG_8 is no longer supported, but does this issue impact > FreeBSD 8.x ?Note that of the three issues mentioned here, one is not exploitable by an attacker and the other two presuppose a compromised pre-auth child. DES -- Dag-Erling Sm?rgrav - des at des.no
On 8/27/2015 3:24 AM, Dag-Erling Sm?rgrav wrote:> Mike Tancsa <mike at sentex.net> writes: >> I know RELENG_8 is no longer supported, but does this issue impact >> FreeBSD 8.x ? > > Note that of the three issues mentioned here, one is not exploitable by > an attacker and the other two presuppose a compromised pre-auth child.For the latter two, I am trying to understand in the context of a shared hosting system. Could one user with sftp access to their own directory use these bugs to gain access to another user's account ? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike at sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/