Debian OpenSSH SELinux Privilege Escalation Vulnerability
BID:30276
Info
| Bugtraq ID: | 30276 |
| Class: | Design Error |
| CVE: | CVE-2008-3234 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 17 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Kingcope |
| Vulnerable: | Debian Linux 4.0 sparc, Debian Linux 4.0 s/390, Debian Linux 4.0 powerpc, Debian Linux 4.0 mipsel, Debian Linux 4.0 mips, Debian Linux 4.0 m68k, Debian Linux 4.0 ia-64, Debian Linux 4.0 ia-32, Debian Linux 4.0 hppa, Debian Linux 4.0 arm, Debian Linux 4.0 amd64, Debian Linux 4.0 alpha, Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
Debian Linux is prone to an SELinux privilege-escalation vulnerability due to a flaw in its OpenSSH package.
Successful exploitation allows attackers who can authenticate to affected OpenSSH servers to gain access to any configured SELinux role. This may grant them elevated privileges, facilitating the complete compromise of affected computers.
Information regarding specific affected packages of OpenSSH running on Debian Linux is not available. Other derivative versions and operating systems may also be affected.
Exploit / POC
Attackers use standard SSH clients to exploit this issue.
The following command demonstrates this issue:
ssh -p2222 -lusername:/wishedrole 127.0.0.1
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].