OpenSSH Security Advisory (adv.channelalloc) (fwd)
Niels Provos
provos at citi.umich.edu
Fri Mar 8 02:05:49 EST 2002
On Thu, Mar 07, 2002 at 05:00:53PM +0200, Pekka Savola wrote:
> On Thu, 7 Mar 2002, Markus Friedl wrote:
> > 2. Impact:
> >
> > This bug can be exploited locally by an authenticated user
> > logging into a vulnerable OpenSSH server
>
> Can you elaborate a bit what this means..? I'm mostly puzzled about the
> use of the word 'locally' as it seems to contradict with logging into,
> unless e.g. IP source and destination must be equal or something.
You need an account on the machine. That is equivalent to a local
attack even if you need to initiate a network connection. The channel
forwarding happens only after authentication.
Niels.
More information about the openssh-unix-dev
mailing list