Re: FreeBSD Security Advisory FreeBSD-SA-08:05.openssh
Matthew Seaman <m.seaman@infracaninophile.co.uk> writes:
> Hmmm... something that wasn't immediately clear to me reading the
> advisory: the requirement for an attacker to listen(2) on tcp port
> 6010 means that they have to have a login on the box being attacked.
> ie. it's a *local* information leak rather than a network attack. It
> took me some time and a few gentle thwaps with the clue stick by
> colleagues better versed in the sockets API than me before I
> understood that.
Yes, it's an interesting vulnerability. The attacker needs to be able
to execute code that listens to localhost:60XX on the server, but the
attack is directed at the client, not the server. You could say that
the workaround (on the server) is a mere courtesy to the client on the
part of the server - although of course the attacker could use this to
sniff the server's root password or hijack a root shell, so it's not
quite so clear-cut.
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 6 之 7 篇):