FreeBSD Security Advisory FreeBSD-SA-15:22.openssh

Dag-Erling Smørgrav des at des.no
Thu Aug 27 13:51:02 UTC 2015


Mike Tancsa <mike at sentex.net> writes:
> For the latter two, I am trying to understand in the context of a shared
> hosting system. Could one user with sftp access to their own directory
> use these bugs to gain access to another user's account ?

Once again: both of these are attacks on the main sshd process by the
unprivileged child process, so the attacker first has to gain control of
said child using some other vulnerability.  There is currently no known
way to exploit them.  The reason why an advisory was issued is that by
definition, the unprivileged child is assumed to be hostile.

  http://blog.des.no/2015/08/openssh-pam-and-user-names/

DES
-- 
Dag-Erling Smørgrav - des at des.no

