Displaying 2 results from an estimated 2 matches for "rssh_chroot_helper".
2005 Dec 30
5
rssh: root privilege escalation flaw
...lem was fixed in 2.3.0, but there is another small bug (not
security-related) in that version which prompted me to release 2.3.1
today. I will announce that separately in appropriate channels.
Please upgrade to the 2.3.1 release, not the 2.3.0 release.
Max Vozeler reported a flaw in the design of rssh_chroot_helper
whereby it can be exploited to chroot to arbitrary directories and
thereby gain root access. If rssh is installed on a system, and
non-trusted users on that system have access which is not protected by
rssh (i.e. they have full shell access), then they can use
rssh_chroot_helper to chroot to arbit...
2004 Oct 23
1
rssh: pizzacode security alert
...ors), or that the system is
probably already compromised.
However, on some older systems with broken implementations of the
setuid() family of functions, a root compromise may be possible with
certain configurations of rssh. Specifically, if rssh is configured
to use a chroot jail, it will exec() rssh_chroot_helper, which must be
setuid root in order to call chroot(). Normally, rssh_chroot_helper
calls setuid(getuid()) and drops privileges before any of the logging
functions are called, making a root compromise impossible on most
systems. However, some older systems which handle saved UIDs
improperly may be...