[Outofthebox] problema con scponlyc [Risolto]
Lonely Wolf
lonelywolf at olografix.org
Tue Mar 21 23:10:14 CET 2006
Ah ecco..
./configure --help
blabla
--enable-scp-compat enable scp compatibility
...
perfetto.
Vabè, se SFTP va, cmq è ok così no?
Grazie presidè :)
isazi ha scritto:
> On Tuesday 21 March 2006 22:46, Lonely Wolf wrote:
>> riabilitato?
>> in che senso scusa?
>
> Dalla 4.2 in poi:
>
> SECURITY PROBLEM 2, reported by Pekka Pessi:
> If ANY the following conditions are true, administrators using
> scponly-4.1 or older may be at risk of remote scponly users
> circumventing the restricted shell and executing arbitrary programs.
> There is no privilege escalation and this vulnerability is
> post-authentication.
>
> * scp compatibility is enabled
> * rsync compatibility is enabled
>
> Exploit:
> To exploit this vulnerability, a remote scponly user could:
> * construct a malicious command line argument to either the rsync or
> scp. Athough scponly does check for arguments that allow the user to
> specify a program to run, it does not use getopt() style processing to
> locate these potentially malicious arguments. For example, the
> potentially malicious scp argument "-S program" would be detected but
> by combining it with the benevolent "-v" (yielding "-vS program") would
> not.
>
> Fix:
> The new release of scponly-4.2:
> * uses getopt to process the arguments to scp and rsync.
> * does not support rsync or scp by default. henceforth, the recommended
> means to use scponly is via sftp
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Outofthebox mailing list
> Outofthebox at olografix.org
> https://www.olografix.org/mailman/listinfo/outofthebox
--
Lonely Wolf
GPg PubKey on: http://pgp.mit.edu - KeyID: EAB1B4A3
Key Fingerprint: 1317 C2F4 2B93 FA8E DB91 C1CB 89A7 AFF0 EAB1 B4A3
More information about the Outofthebox
mailing list