
[Security] Elevation of privilege over loopback #680

@manojampalam

Description

Please answer the following

"OpenSSH for Windows" version
0.0.12.0

OS details
All

What is failing
Elevation of privilege in the following setting:

  • SSO setup for an admin user with both client and server on the same box.
  • User's private key registered in ssh-agent and the user's public key added as authorized for key-based auth.

Malware running within a non-elevated admin session can create an SSH remote session over loopback (or to a local IP) and can access an elevated remote SSH session on the same box.

Expected output
SSH remote sessions created with SSO over loopback should have no more privileges than client process.

Actual output
SSH remote sessions are elevated.
