Hi,

Johannes Verelst wrote:
>
> Summarized, this exploit only works if you have in your sshd_config:
>
> PAMAuthenticationViaKbdInt yes
> UsePrivilegeSeparation no
>
> The default values for both my unstable and stable Debian boxes appear
> to be:
>
> PAMAuthenticationViaKbdInt no
> UsePrivilegeSeparation yes

potato box, installed potato:
PAMAuthenticationViaKbdInt yes
#UsePrivilegeSeparation yes

woody box, installed potato & upgraded:
PAMAuthenticationViaKbdInt yes
#UsePrivilegeSeparation yes

woody box, installed woody:
PAMAuthenticationViaKbdInt no
UsePrivilegeSeparation yes

But I think I am also not vulnerable because privsep is default since 3.3.

Regards,
Ralf Dreibrodt
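The comparison made in this thread, written as a check that can be run against an sshd_config. This is an added example, not part of the original messages. The function names are hypothetical, and the values used when a keyword is absent or commented out (PAMAuthenticationViaKbdInt no, UsePrivilegeSeparation yes) are assumptions taken from the thread; confirm them against the installed sshd version.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any OpenSSH tool.

# Print the effective value of an sshd_config keyword.
#   $1 = keyword
#   $2 = value to assume when the keyword is absent or commented out
#   $3 = path to the config file
sshd_effective() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }              # a commented-out line leaves the default in force
        tolower($1) == key && NF >= 2 {  # keywords are case-insensitive
            print tolower($2)            # sshd keeps the first value it obtains
            found = 1
            exit
        }
        END { if (!found) print def }
    ' "$3"
}

# Return 0 when both settings named in the thread are in effect, 1 otherwise.
#   $1 = path to the config file
#   $2 = privilege separation default of the installed sshd
#        (assumed "yes", as the thread states for 3.3 and later)
sshd_exposed() {
    pam=$(sshd_effective PAMAuthenticationViaKbdInt no "$1")
    privsep=$(sshd_effective UsePrivilegeSeparation "${2:-yes}" "$1")
    [ "$pam" = "yes" ] && [ "$privsep" = "no" ]
}

# Constructed sample: the "installed potato & upgraded" settings quoted above.
sample=$(mktemp)
printf '%s\n' 'PAMAuthenticationViaKbdInt yes' '#UsePrivilegeSeparation yes' > "$sample"

if sshd_exposed "$sample" yes; then
    echo "both conditions met"
else
    echo "not met: commented-out privsep falls back to the assumed default (yes)"
fi

# The same file evaluated for an sshd whose default is "no".
if sshd_exposed "$sample" no; then
    echo "both conditions met when the privsep default is no"
fi
rm -f "$sample"
```

The result for a commented-out UsePrivilegeSeparation line depends entirely on the second argument, which is why the upgraded boxes in the thread need the sshd version checked as well as the file.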

