[scponly] Re: scponly 4.2 released (IMPORTANT SECURITY FIXES)
Max Vozeler
max at decl.org
Thu Dec 22 08:34:35 EST 2005
On Wed, Dec 21, 2005 at 04:49:50PM -0800, wby oblyr wrote:
> Problem Description: If ALL the following conditions are true,
> administrators using scponly-4.1 or older may be at risk of a local
> privilege escalation exploit:
>
> ...
> - the operating system supports an LD_PRELOAD style mechanism to
> overload dynamic library loading
Note that LD_PRELOAD is not strictly a precondition for being able
to exploit this bug. Other ways exist for a user to subvert the
process inside the chroot, the simplest being to install a hacked
version of ld-linux.so (or equivalent), libc6.so or another shared
library that the privileged binary is linked against.

Thanks Joe for handling the vulnerability in a good way, BTW.

cheers,
Max
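The following is an added example, not part of the original message and not scponly code: a defender-side audit that flags the loader and shared-library paths inside a chroot that someone other than root could replace, which is the condition the reply describes. The function name `audit_chroot`, the directory list and the `trusted_uids` parameter are assumptions made for illustration.

```python
import os
import stat
import sys

# Assumed typical locations of the loader and shared libraries in a chroot.
LIB_DIRS = ("lib", "lib64", "usr/lib", "usr/lib64")

def audit_chroot(root, trusted_uids=frozenset({0}), subdirs=LIB_DIRS):
    """Return (path, reason) pairs for entries a chrooted user could replace."""
    findings, seen = [], set()

    def check(path):
        if path in seen:
            return
        seen.add(path)
        st = os.lstat(path)
        if st.st_uid not in trusted_uids:
            findings.append((path, "owned by uid %d" % st.st_uid))
        # Symlink mode bits are meaningless; its parent directory decides.
        # Group write is flagged conservatively, whatever the group is.
        if not stat.S_ISLNK(st.st_mode) and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/world writable"))

    check(root)  # a writable top level lets lib/ itself be swapped out
    for sub in subdirs:
        path = root
        for part in sub.split("/"):  # check every ancestor: usr, then usr/lib
            path = os.path.join(path, part)
            if not os.path.lexists(path):
                break
            check(path)
        else:
            # The library directory exists: inspect everything beneath it.
            if os.path.isdir(path) and not os.path.islink(path):
                for dirpath, dirnames, filenames in os.walk(path):
                    for name in dirnames + filenames:
                        check(os.path.join(dirpath, name))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in audit_chroot(target):
        print("%s: %s" % (path, reason))
```

An empty result means every checked entry is owned by a trusted uid and is not group or world writable; it does not cover the directories above the chroot root.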