Debian Linux can be configured to utilize SELinux extensions. OpenSSH may also be configured to utilize SELinux, and to interface with the role-based privilege system.
Debian Linux is prone to an SELinux privilege-escalation vulnerability due to a flaw in its OpenSSH package.
Specifically, when remote users authenticate against a vulnerable OpenSSH server, their username can contain extra information, including the SELinux role they wish to utilize upon a successful login. Usernames containing a trailing ':/<role>' will be parsed as the user requesting the '<role>' SELinux role, and it will improperly grant the role privileges to the user. This reportedly occurs without proper validation or privilege checking.
Successfully exploiting this issue allows attackers that can successfully authenticate against affected OpenSSH servers to gain access to any configured SELinux role. This may allow them elevated privileges, facilitating the complete compromise of affected computers.
OpenSSH must be configured with '--with-selinux' for this vulnerability to be exposed.
Information regarding specific affected packages of OpenSSH running on Debian Linux is not available. Other derivative versions and operating systems may also be affected.
Debian Linux 4.0
Debian Linux 4.0 alpha
Debian Linux 4.0 amd64
Debian Linux 4.0 arm
Debian Linux 4.0 hppa
Debian Linux 4.0 ia-32
Debian Linux 4.0 ia-64
Debian Linux 4.0 m68k
Debian Linux 4.0 mips
Debian Linux 4.0 mipsel
Debian Linux 4.0 powerpc
Debian Linux 4.0 s/390
Debian Linux 4.0 sparc
<a href=http://www.debian.org/ target=_blank>http://www.debian.org/</a>
京公网安备 11010502034610号
暂无评论