Re: Strange SSHD Behaviour
From: Vox (vox@gnulinux.org.mx)Date: 09/12/02
- Previous message: tflat: "Re: MD5 checksum's for Redhat 7.3 binaries?"
- Maybe in reply to: Naseer Bhatti: "Strange SSHD Behaviour"
- Next in thread: Kurt Seifried: "Re: Openssh and sendmail signatures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "focus-linux" <focus-linux@securityfocus.com> From: Vox <vox@gnulinux.org.mx> Date: 12 Sep 2002 09:20:02 -0500
"Naseer Bhatti" <naseer@digitallinx.com> writes:
> Thanks for the support all guys. Someone mentioned in a post here that one
> can generate own *scanned* message. That's the message which occurs in the
> syslog? SCANSSH produces log files such as these. What I am thinking here
> (might be wrong) If you can inject your own message in syslog, can't it be
> something like you can inject some shellcode into it which can give you
> access to the box? If this can be done ... you think what I think ?
> :)
I *think* somebody mentioned thisg in bugtraq when this ssh scanner
first showed up last year...and the conclusion was that syslogd is
smart enough to see the difference between a message and code....but
I'm not 100% sure who said it and based on what :) You may want to
check the bugtraq archives, tho :)
Vox
-- Think of the Linux community as a niche economy isolated by its beliefs. Kind of like the Amish, except that our religion requires us to use _higher_ technology than everyone else. -- Donald B. Marti Jr.-----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCM d- s:+ a C++++ U++++ P++ L+++ E+ W++ N++ o+ K- w--- O- M- V- PS+ PE Y PGP t 5++ X-- R tv+ b+++ DI++ D--- G e++ h+ r++ y** ------END GEEK CODE BLOCK------
- Previous message: tflat: "Re: MD5 checksum's for Redhat 7.3 binaries?"
- Maybe in reply to: Naseer Bhatti: "Strange SSHD Behaviour"
- Next in thread: Kurt Seifried: "Re: Openssh and sendmail signatures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
