Vulnerability: SSH Communications SSH Server Privilege Escalation
- 03 December, 2002 11:15
Secure Shell is the commercial SSH implementation distributed and maintained by SSH Communications.
According to a report by Security Focus the setsid() function is used to create a new process group for forked processes. "It has been reported that SSH server fails to run setsid() on non-interactive sessions, resulting in user processes in the parent process group and retaining the 'root' login name.
For more information click here.