OpenSSH is an implementation of the Secure Shell (SSH) protocol. It can be configured to use Linux Pluggable Authentication Modules (PAM) for added authentication. A vulnerability exists in OpenSSH, and perhaps other implementations of SSH, which can allow to potentially bypass PAM restrictions.
OpenSSH fails to call pam_open_session if no pty (pseudo-terminal driver) is used. This in turn does not activate the security modules specified in /etc/pam.d. It has been pointed out that if you use pam_limits.so to set resource limits, then users could bypass these limits by calling ssh in this manner.
An attacker can bypass the PAM security modules specified on the target machine.
Upgrade to OpenSSH 2.9.9p1.
Restrict access to the SSH service
You may wish to disable the SSH access until a patch is available from your vendor.
Christian Kraemer discovered this vulnerability.
This document was written by Jason Rafail.
|Date First Published:||2001-12-07|
|Date Last Updated:||2001-12-12 14:39 UTC|