Re: Strange SSHD Behaviour

From: Vox (vox@gnulinux.org.mx)
Date: 09/12/02


To: "focus-linux" <focus-linux@securityfocus.com>
From: Vox <vox@gnulinux.org.mx>
Date: 12 Sep 2002 09:20:02 -0500


"Naseer Bhatti" <naseer@digitallinx.com> writes:

> Thanks for the support all guys. Someone mentioned in a post here that one
> can generate own *scanned* message. That's the message which occurs in the
> syslog? SCANSSH produces log files such as these. What I am thinking here
> (might be wrong) If you can inject your own message in syslog, can't it be
> something like you can inject some shellcode into it which can give you
> access to the box? If this can be done ... you think what I think ?
> :)

  I *think* somebody mentioned thisg in bugtraq when this ssh scanner
  first showed up last year...and the conclusion was that syslogd is
  smart enough to see the difference between a message and code....but
  I'm not 100% sure who said it and based on what :) You may want to
  check the bugtraq archives, tho :)

  Vox

-- 
Think of the Linux community as a niche economy isolated by its beliefs.  Kind
of like the Amish, except that our religion requires us to use _higher_
technology than everyone else.	     -- Donald B. Marti Jr.

-----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCM d- s:+ a C++++ U++++ P++ L+++ E+ W++ N++ o+ K- w--- O- M- V- PS+ PE Y PGP t 5++ X-- R tv+ b+++ DI++ D--- G e++ h+ r++ y** ------END GEEK CODE BLOCK------



Relevant Pages