Users with existing account can get root via OpenSSH 2.0 - 3.0.2
A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2
Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client.
Advisory HERE: http://www.pine.nl/advisories/pine-cert-20020301.txt
Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client.
Advisory HERE: http://www.pine.nl/advisories/pine-cert-20020301.txt
