OpenSSH Security Advisory (adv.channelalloc) (fwd)

Niels Provos provos at citi.umich.edu
Fri Mar 8 02:05:49 EST 2002


On Thu, Mar 07, 2002 at 05:00:53PM +0200, Pekka Savola wrote:
> On Thu, 7 Mar 2002, Markus Friedl wrote:
> > 2. Impact:
> > 
> >         This bug can be exploited locally by an authenticated user
> >         logging into a vulnerable OpenSSH server
> 
> Can you elaborate a bit what this means..?  I'm mostly puzzled about the 
> use of the word 'locally' as it seems to contradict with logging into, 
> unless e.g. IP source and destination must be equal or something.

You need an account on the machine.  That is equivalent to a local
attack even if you need to initiate a network connection.  The channel
forwarding happens only after authentication.

Niels.



More information about the openssh-unix-dev mailing list