Re: [Full-disclosure] SSH brute force blocking tool
> On Tue, Nov 28, 2006 at 04:02:36PM +0000, Tavis Ormandy wrote:
> > On Tue, Nov 28, 2006 at 10:56:33AM -0500, J. Oquendo wrote:
> Incorrect, did you look at the fix? It isn't unsanitized as you state:

J, you have made an attempt to fix it, but it is not sufficient.

An attacker can still add arbitrary hosts to the deny list.

I notice you also haven't solved the local privilege escalation; this can
be abused by local users to gain root by attempting to login with the
username set to a valid passwd entry and then winning the race condition
by creating a symlink to the system passwd file (of course, there are
dozens of other attacks).

Thanks, Tavis.

--
-------------------------------------
taviso@xxxxxxxxxxxxxxxx | finger me for my pgp key.
-------------------------------------------------------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
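The two problems Tavis raises above, an attacker-chosen username that ends up in the deny list and a root-run file write that follows a planted symlink, can be illustrated from the defender's side. The following is an added example written for this archive page, not the tool's code or anything from the thread: it assumes the tool parses sshd "Failed password" log lines (the sample lines are constructed) and appends to a hosts.deny-style file, and shows a parse that only accepts a validated IPv4 literal from the sshd-generated tail of the line plus a write that refuses to follow a symlink at the target path.

```python
import ipaddress
import os
import re
import tempfile

# Constructed sample sshd lines. The username is attacker-chosen, so lines 2 and 3 try to smuggle in another host or the "ALL" wildcard.
SAMPLE_LOG = [
    "Nov 28 10:56:33 host sshd[123]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Nov 28 10:56:34 host sshd[124]: Failed password for invalid user from 198.51.100.9 from 203.0.113.7 port 51235 ssh2",
    "Nov 28 10:56:35 host sshd[125]: Failed password for invalid user x sshd: ALL from 203.0.113.8 port 51236 ssh2",
]

# Match the trailing, sshd-generated "from <addr> port <n> ssh2", never the first "from" in the line.
FAILED_RE = re.compile(r" from (\S+) port \d+ ssh2$")

def extract_source(line):
    """Return the validated IPv4 source of a failed login, or None."""
    m = FAILED_RE.search(line)
    if m is None:
        return None
    try:
        return str(ipaddress.IPv4Address(m.group(1)))  # rejects "ALL", hostnames, junk
    except ipaddress.AddressValueError:
        return None

def append_deny(deny_path, ip):
    """Append 'sshd: <ip>' to deny_path, refusing to follow a symlink at that path."""
    ip = str(ipaddress.IPv4Address(ip))  # raises on anything but a plain IPv4 literal
    # O_NOFOLLOW makes the check part of the open itself: a planted symlink fails with ELOOP.
    fd = os.open(deny_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW, 0o644)
    with os.fdopen(fd, "a") as f:
        f.write(f"sshd: {ip}\n")

def selfcheck():
    """Run the pipeline in a private temp dir; return (deny file contents, symlink refused?)."""
    with tempfile.TemporaryDirectory() as d:
        deny = os.path.join(d, "hosts.deny")
        for line in SAMPLE_LOG:
            ip = extract_source(line)
            if ip:
                append_deny(deny, ip)
        link = os.path.join(d, "planted")
        os.symlink(deny, link)  # stands in for a symlink pointed at the system passwd file
        try:
            append_deny(link, "203.0.113.9")
            refused = False
        except OSError:
            refused = True
        with open(deny) as f:
            return f.read(), refused
```

The parse still trusts that sshd, not the client, writes the trailing "from ... port ... ssh2", and the write only closes the symlink-at-target case; a deny file in a directory writable by other users remains a bad idea regardless.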
