xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
English Version
 最近严重漏洞 
Microsoft RPC接口远程任意代码可执行漏洞
Cisco IOS接口不正确处理IPV4包远程拒绝服务漏洞
Microsoft Windows CreateFile API命名管道权限提升漏洞

SSH Communications SSH Server权限提升漏洞


发布时间:2002-11-25
更新时间:2002-11-25
严重程度:
威胁程度:权限提升
错误类型:设计错误
利用方式:服务器模式

BUGTRAQ ID:6247

受影响系统
SSH Communications Security SSH2 2.0.13
SSH Communications Security SSH2 2.1
SSH Communications Security SSH2 2.2
SSH Communications Security SSH2 2.3
SSH Communications Security SSH2 2.4
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
SSH Communications Security SSH2 2.5
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows NT 4.0
SSH Communications Security SSH2 3.0
SSH Communications Security SSH2 3.0.1
SSH Communications Security SSH2 3.1
SSH Communications Security SSH2 3.1.1
SSH Communications Security SSH2 3.1.2
SSH Communications Security SSH2 3.1.3
SSH Communications Security SSH2 3.1.4
SSH Communications Security SSH2 3.2
SSH Communications Security SSH2 3.2.1
详细描述
SSH Communications报告SSH SERVER存在漏洞,可导致本地权限提升。

当派生子进程给非交互会话时,SSH SERVER在把子进程从父进程组中删除时执行setsid()失败,可导致子进程仍旧保留'root'登录名,如果某一程序运行时依靠登录名验证用户权限,可导致以高权限执行任意代码。

要利用这个漏洞攻击者需要在目标系统中有本地帐户。

测试代码
尚无

解决方案
SSH Communications Security SSH2 2.0.13:
SSH Communications Security SSH2 2.1:
SSH Communications Security SSH2 2.2:
SSH Communications Security SSH2 2.3:
SSH Communications Security SSH2 2.4:
SSH Communications Security SSH2 2.5:
SSH Communications Security SSH2 3.0:
SSH Communications Security SSH2 3.0.1:
SSH Communications Security SSH2 3.1:

SSH Communications Security Upgrade ssh-3.1.5
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.1.1:

SSH Communications Security Upgrade ssh-3.1.5
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.1.2:

SSH Communications Security Upgrade ssh-3.1.5
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.1.3:

SSH Communications Security Upgrade ssh-3.1.5
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.1.4:

SSH Communications Security Upgrade ssh-3.1.5
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.2:

SSH Communications Security Upgrade ssh-3.2.2
http://ftp.ssh.com/priv/secureshell/6g3zslpk

SSH Communications Security SSH2 3.2.1:

SSH Communications Security Upgrade ssh-3.2.2
http://ftp.ssh.com/priv/secureshell/6g3zslpk

相关信息
参考:http://www.ssh.com/company/newsroom/article/286/
http://www.kb.cert.org/vuls/id/740619
Copyright © 1998-2003 XFOCUS Team. All Rights Reserved