[1638] in linux-security and linux-alert archive
[linux-security] ssh 1.2.20 may create problems in connection with lpd bug
daemon@ATHENA.MIT.EDU (Andrea Mennucci)
Sat Oct 4 04:55:28 1997
From: mennucci@cibs.sns.it (Andrea Mennucci)
To: 12763@bug.debian.org.ocn.nl
Date: Fri, 3 Oct 1997 13:15:23 +0100 (DFT)
Cc: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
hi
the problem :
ssh lets ordinary users=A0forward reserved ports
(see
Debian bug report logs - #12763
ssh 1.2.20-3 /sshd vulnerable
)
in connection with:
lpd lets people who have access to its reserved port (ie people from
hosts in /etc/hosts.{lpd,allow}) create delete and exec files
=
(see
Secure Networks Inc. Security Advisory October 2, 1997
as reported thru linux-security@redhat.com
)
=
means big problems!
(I am not expert enough to understand the impact and exploitations of thi=
s)
a.Mennucci
--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null