search for: keyinit

.... The program may then read data from or write data to the file inappropriately. If the file is one that the user would normally not have privileges to open, this may result in an opportunity for privilege escalation. III. Impact Local users may gain superuser privileges. It is known that the `keyinit' set-user-id program is exploitable using this method. There may be other programs that are exploitable. IV. Workaround None. The set-user-id bit may be removed from `keyinit' using the following command, but note that there may be other programs that can be exploited. # chmod 0555 /u...

...|ASSIGNED ------- Additional Comments From markus at openbsd.org 2002-03-08 08:10 ------- packet_read_expect(SSH2_MSG_NEWKEYS); ^^^ hm, i never thought i need to implement this, but now it seems so. but i don't think it's related to this line. i think if the keyinit packet has first_kex_follows set i have to continue parsing the packet.... not sure how to implement this (ugly?) optimization ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.