OpenSSH's UseLogin option allows remote access with root privilege.
Gregory Steuck
greg at nest.cx
Sat Jun 10 01:30:05 EST 2000
>>>>> "Markus" == Markus Friedl <markus.friedl at informatik.uni-erlangen.de> writes:
Markus> OpenSSH's UseLogin option allows remote access with root
Markus> privilege.
Markus>
Markus> 1. Systems affected:
Markus> The default installation of OpenSSH is not vulnerable,
Markus> since UseLogin defaults to 'no'. However, if UseLogin is
Markus> enabled, all versions of OpenSSH prior to 2.1.1 are
Markus> affected.
Could you clarify if the following lines from
http://www.openbsd.org/plus.html are true then?
"Do not use the (non-default) UseLogin option in OpenSSH 2.1.*, it has a
hole on other operating systems and does not work right in OpenBSD."
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Is OpenBSD with "UseLogin yes" vulnerable or not (even though it's not
default)?
Bye
Greg