SSHKeychain Local Privilege Escalation and Information Disclosure Vulnerabilities
BID:25409
Info
SSHKeychain Local Privilege Escalation and Information Disclosure Vulnerabilities
| Bugtraq ID: | 25409 |
| Class: | Unknown |
| CVE: |
CVE-2007-4501 CVE-2007-4500 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 22 2007 12:00AM |
| Updated: | Jul 05 2016 10:00PM |
| Credit: | Eric Warnke discovered these issues. |
| Vulnerable: |
SSHKeychain SSHKeychain 0.8.1 |
| Not Vulnerable: |
SSHKeychain SSHKeychain 0.8.2 beta |
Discussion
SSHKeychain Local Privilege Escalation and Information Disclosure Vulnerabilities
SSHKeychain is prone to a local privilege-escalation issue and an information-disclosure issue.
Successfully exploiting these issues allows local attackers to gain superuser-level privileges and to obtain passphrases used to unlock SSH keys. Exploiting these issues will facilitate the complete compromise of affected computers.
SSHKeychain 0.8.1 is vulnerable; prior versions may also be affected.
SSHKeychain is prone to a local privilege-escalation issue and an information-disclosure issue.
Successfully exploiting these issues allows local attackers to gain superuser-level privileges and to obtain passphrases used to unlock SSH keys. Exploiting these issues will facilitate the complete compromise of affected computers.
SSHKeychain 0.8.1 is vulnerable; prior versions may also be affected.
Exploit / POC
SSHKeychain Local Privilege Escalation and Information Disclosure Vulnerabilities
Currently we are not aware of any exploits for the TunnelRunner issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
The PassphraseRequester issue does not require specific exploit code.
Currently we are not aware of any exploits for the TunnelRunner issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
The PassphraseRequester issue does not require specific exploit code.
Solution / Fix
SSHKeychain Local Privilege Escalation and Information Disclosure Vulnerabilities
Solution:
The vendor has committed fixes for these issues into their SVN repository. A beta version of 0.8.2 has also been released to address these issues. Please see the referenced advisory for more information.
Solution:
The vendor has committed fixes for these issues into their SVN repository. A beta version of 0.8.2 has also been released to address these issues. Please see the referenced advisory for more information.
References
SSHKeychain Local Privilege Escalation and Information Disclosure Vulnerabilities
References:
References:
- [Users] New version: 0.8.3 beta (SSHKeychain)
- [Users] SECURITY: root privilege escalation / trivial reveal of stored passwords (Eric Warnke)
- SSHKeychain Home Page (SSHKeychain)