Displaying 2 results from an estimated 2 matches for "rssh_chroot_helper".

2005 Dec 30
5
rssh: root privilege escalation flaw
...lem was fixed in 2.3.0, but there is another small bug (not security-related) in that version which prompted me to release 2.3.1 today. I will announce that separately in appropriate channels. Please upgrade to the 2.3.1 release, not the 2.3.0 release. Max Vozeler reported a flaw in the design of rssh_chroot_helper whereby it can be exploited to chroot to arbitrary directories and thereby gain root access. If rssh is installed on a system, and non-trusted users on that system have access which is not protected by rssh (i.e. they have full shell access), then they can use rssh_chroot_helper to chroot to arbit...
2004 Oct 23
1
rssh: pizzacode security alert
...ors), or that the system is probably already compromised. However, on some older systems with broken implementations of the setuid() family of functions, a root compromise may be possible with certain configurations of rssh. Specifically, if rssh is configured to use a chroot jail, it will exec() rssh_chroot_helper, which must be setuid root in order to call chroot(). Normally, rssh_chroot_helper calls setuid(getuid()) and drops privileges before any of the logging functions are called, making a root compromise impossible on most systems. However, some older systems which handle saved UIDs improperly may be...