Vigil@nce - OpenSSH: access to /proc via SFTP
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can read the /proc/self/maps file via
SFTP of OpenSSH, in order to obtain sensitive information, or he
can also write in the /proc/self/mem file to alter the memory
content.
Impacted products: OpenSSH
Severity: 2/4
Creation date: 08/10/2014
DESCRIPTION OF THE VULNERABILITY
The OpenSSH product offers a SFTP service, which is used to read
or create files.
However, the SFTP service does not forbid access to /proc files.
An authenticated attacker can therefore read the /proc/self/maps
file via SFTP of OpenSSH, in order to obtain sensitive
information, or he can also write in the /proc/self/mem file to
alter the memory content.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSH-access-to-proc-via-SFTP-15447