Andrea Mennucci
1997-Oct-03 05:15 UTC
ssh 1.2.20 may create problems in connection with lpd bug
hi
the problem :
ssh lets ordinary users=A0forward reserved ports
(see
Debian bug report logs - #12763
ssh 1.2.20-3 /sshd vulnerable
)
in connection with:
lpd lets people who have access to its reserved port (ie people from
hosts in /etc/hosts.{lpd,allow}) create delete and exec files
(see
Secure Networks Inc. Security Advisory October 2, 1997
as reported thru linux-security@redhat.com
)
means big problems!
(I am not expert enough to understand the impact and exploitations of this)
a.Mennucci
Matt
1997-Oct-04 17:55 UTC
Re: [linux-security] ssh 1.2.20 may create problems in connection with lpd bug
In mail.linux.security Andrea Mennucci <mennucci@cibs.sns.it> wrote: : the problem : : ssh lets ordinary users=A0forward reserved ports It''s why 1.2.21 came out, albeit slower then it should, but out. This problem is over a month old. 1.2.21 rpm spec file is available, with pam patches, from ftp://ftp.dhp.com/pub/linux/dhp-dist RPM''s are not currently available due to US export restrictions. -- -Matt (panzer@dhp.com) -- DataHaven Project - http://www.dhp.com/ "That which can never be enforced should not be prohibited."