Package: rssh Version: 2.2.3-3 Severity: critical Tags: security Hey Jesus,
rssh 2.3.0 has been released by Derek to fix the arbitrary chroot() problem and privilege escalation we've mailed about (CVE-2005-3345) http://www.pizzashack.org/rssh/index.shtml: > Dec 18, 2005 > > rssh v2.3.0 released today! > > Important Security Notice: > > Max Vozeler has reported a problem whereby rssh can allow users who > have shell access to systems where rssh is installed (and > rssh_chroot_helper is installed SUID) to gain root access to the > system, due to the ability to chroot to arbitrary locations. There are > a lot of potentially mitigating factors, but to be safe you should > upgrade immediately. This bug affects all versions of rssh from v2.0.0 > to v2.2.3, so please upgrade now! > > The 2.3.0 release of rssh fixes this problem, by forcing the chroot > helper to re-parse the config file to decide where to chroot(2) to. > Users with shell access to the system can not subvert the chroot > location, and may not be able to chroot at all depending on the > configuration of rssh, which solves the problem. Having rssh installed and rssh_chroot_helper setuid root is sufficient for this bug to be exploitable, hence severity critical. cheers, Max -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
