LSH contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when LSH spawns a new shell for a user: file descriptors held open by the 'lshd' daemon are leaked to the new process, potentially allowing the user to obtain keying material from the random number generator seed file. This will result in a loss of confidentiality.
In addition, the user could truncate that file, denying the 'lshd' daemon access to keying material and causing a denial-of-service condition.
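The descriptor hygiene that prevents this class of leak, as an added example (not code from lshd or from the author's patch): it counts the descriptors a spawned shell would inherit and marks them close-on-exec before the exec. The function names, the scan bound and the seed file path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define SCAN_LIMIT 4096 /* example bound; closefrom()/close_range() avoid scanning */

static long scan_bound(void) {
    long max = sysconf(_SC_OPEN_MAX);
    return (max < 0 || max > SCAN_LIMIT) ? SCAN_LIMIT : max;
}

/* Count open descriptors >= 3 that a spawned shell would inherit across exec(). */
int count_inheritable_fds(void) {
    int n = 0;
    for (long fd = 3, max = scan_bound(); fd < max; fd++) {
        int flags = fcntl((int)fd, F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC)) n++;
    }
    return n;
}

/* Pre-exec sweep: set FD_CLOEXEC on every open descriptor >= 3.
   Returns how many descriptors were changed, or -1 on error. */
int mark_all_cloexec(void) {
    int changed = 0;
    for (long fd = 3, max = scan_bound(); fd < max; fd++) {
        int flags = fcntl((int)fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC)) continue;
        if (fcntl((int)fd, F_SETFD, flags | FD_CLOEXEC) == -1) return -1;
        changed++;
    }
    return changed;
}

/* Open a stand-in seed file. cloexec=0 models the leaky pattern,
   cloexec=1 the hardened one (flag set atomically at open time). */
int open_seed(const char *path, int cloexec) {
    return open(path, O_RDWR | O_CREAT | (cloexec ? O_CLOEXEC : 0), 0600);
}

int main(void) {
    const char *path = "/tmp/fd-leak-example.seed"; /* constructed path */
    int leaky = open_seed(path, 0), safe = open_seed(path, 1);
    printf("inheritable before sweep: %d\n", count_inheritable_fds());
    printf("changed by sweep: %d\n", mark_all_cloexec());
    printf("inheritable after sweep: %d\n", count_inheritable_fds());
    close(leaky); close(safe); unlink(path);
    return 0;
}
```

Running `count_inheritable_fds()` immediately before the fork/exec of a user shell is a cheap regression check: any non-zero result is a descriptor the user's process will be able to read, write or truncate with the daemon's access mode.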
Classification
Location: Local Access Required
Attack Type: Denial of Service, Information Disclosure
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
Solution
Currently, there are no known workarounds or upgrades to correct this issue. However, the author has released a patch to address this vulnerability.