[1638] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] ssh 1.2.20 may create problems in connection with lpd bug

daemon@ATHENA.MIT.EDU (Andrea Mennucci)
Sat Oct 4 04:55:28 1997

From: mennucci@cibs.sns.it (Andrea Mennucci)
To: 12763@bug.debian.org.ocn.nl
Date: Fri, 3 Oct 1997 13:15:23 +0100 (DFT)
Cc: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


hi

the problem :

 ssh lets ordinary users=A0forward reserved ports
 (see
  Debian bug report logs - #12763
  ssh 1.2.20-3 /sshd vulnerable
 )


in connection with:

 lpd lets people who have access to its reserved port (ie people from
  hosts in /etc/hosts.{lpd,allow})  create delete and exec files
 =

 (see
 Secure Networks Inc. Security Advisory October 2, 1997
 as reported thru linux-security@redhat.com
 )
 =

means big problems!
(I am not expert enough to understand the impact and exploitations of thi=
s)

a.Mennucci

--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post