VULHUB ™

SSH Communications has reported a vulnerability in SSH server, which could result in local privilege escalation. When forking child processes for non-interactive sessions, SSH server fails to execute the setsid() function to remove the child from the parent process group. This will result in the child process retaining the 'root' login name. If a program is run that verifies a users privileges from the login name, it may be possible to execute various actions with escalated privileges. For this issue to be exploitable an attacker must have a local account on the target system.

SSH Communications has reported a vulnerability in SSH server, which could result in local privilege escalation. When forking child processes for non-interactive sessions, SSH server fails to execute the setsid() function to remove the child from the parent process group. This will result in the child process retaining the 'root' login name. If a program is run that verifies a users privileges from the login name, it may be possible to execute various actions with escalated privileges. For this issue to be exploitable an attacker must have a local account on the target system.