Debian Linux can be configured to use SELinux extensions. OpenSSH may also be built to use SELinux and to interface with its role-based privilege system. Debian Linux is prone to an SELinux privilege-escalation vulnerability due to a flaw in its OpenSSH package.

Specifically, when remote users authenticate against a vulnerable OpenSSH server, their username can carry extra information, including the SELinux role they wish to assume on successful login. A username with a trailing ':/<role>' is parsed as a request for the '<role>' SELinux role, and the server grants that role's privileges to the user. This reportedly happens without proper validation or privilege checking.

Successfully exploiting this issue allows attackers who can authenticate against an affected OpenSSH server to obtain any configured SELinux role. This may give them elevated privileges, facilitating the complete compromise of affected computers.

OpenSSH must be configured with '--with-selinux' for this vulnerability to be exposed. Information regarding the specific affected OpenSSH packages on Debian Linux is not available. Other derivative versions and operating systems may also be affected.

Affected:
Debian Linux 4.0
Debian Linux 4.0 alpha
Debian Linux 4.0 amd64
Debian Linux 4.0 arm
Debian Linux 4.0 hppa
Debian Linux 4.0 ia-32
Debian Linux 4.0 ia-64
Debian Linux 4.0 m68k
Debian Linux 4.0 mips
Debian Linux 4.0 mipsel
Debian Linux 4.0 powerpc
Debian Linux 4.0 s/390
Debian Linux 4.0 sparc

Reference: http://www.debian.org/
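The following Python is an added example, not OpenSSH or Debian code, modelling the flaw class the advisory describes: a login name of the form 'user:/role' is split into a user and a requested role, and the weak variant grants the role as requested while the hardened variant checks it against a per-user allowlist. The allowlist (ALLOWED_ROLES), the default role, the log-line format and the sample log lines are all constructed for the illustration; the real sshd logs the login name differently, so the regex is only a template for a detection rule.

```python
"""Model of role selection via a login-name suffix, with a checked variant
and a log scan that flags role requests. Added example; all data constructed."""
import re

ROLE_SEPARATOR = ":/"          # suffix syntax named in the advisory
DEFAULT_ROLE = "user_r"        # assumed default role (constructed)

# Hypothetical per-user allowlist of SELinux roles (constructed data).
ALLOWED_ROLES = {
    "alice": {"user_r", "staff_r"},
    "bob": {"user_r"},
}


def parse_login_name(login_name: str):
    """Split 'user:/role' into (user, role); role is None without a suffix."""
    if ROLE_SEPARATOR not in login_name:
        return login_name, None
    user, role = login_name.split(ROLE_SEPARATOR, 1)
    return user, role or None


def select_role_unchecked(login_name: str) -> str:
    """Behaviour the advisory describes: whatever role the name asks for."""
    _user, role = parse_login_name(login_name)
    return role if role is not None else DEFAULT_ROLE


def select_role_checked(login_name: str) -> str:
    """Hardened variant: a requested role must be in the user's allowlist."""
    user, role = parse_login_name(login_name)
    if role is None:
        return DEFAULT_ROLE
    permitted = ALLOWED_ROLES.get(user, {DEFAULT_ROLE})
    if role not in permitted:
        raise PermissionError(f"{user!r} may not assume role {role!r}")
    return role


# Constructed auth-log lines; the format is illustrative, not sshd's exact output.
SAMPLE_LOG = """\
sshd[1234]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
sshd[1235]: Accepted password for bob:/sysadm_r from 192.0.2.11 port 50001 ssh2
sshd[1236]: Failed password for invalid user eve:/sysadm_r from 192.0.2.12 port 50002 ssh2
"""

LOGIN_RE = re.compile(r"for (?:invalid user )?(?P<name>\S+) from (?P<src>\S+)")


def flag_role_requests(log_text: str):
    """Return (user, role, source) for each login name carrying a role suffix."""
    hits = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue
        user, role = parse_login_name(m.group("name"))
        if role is not None:
            hits.append((user, role, m.group("src")))
    return hits


if __name__ == "__main__":
    print("unchecked:", select_role_unchecked("bob:/sysadm_r"))
    try:
        select_role_checked("bob:/sysadm_r")
    except PermissionError as exc:
        print("checked:", exc)
    for hit in flag_role_requests(SAMPLE_LOG):
        print("role request:", hit)
```

The detection function treats any role suffix as worth reviewing, whether or not the login succeeded, since a failed attempt with a suffix still shows someone probing role selection.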