Re: in.telnetd vulnerability??

From: adam morley (adam@gmi.com)
Date: 08/04/01


Date: Fri, 3 Aug 2001 15:13:58 -0700 (PDT)
From: adam morley <adam@gmi.com>
To: Ryan Russell <ryan@securityfocus.com>
Subject: Re: in.telnetd vulnerability??
Message-ID: <Pine.GSO.4.10.10108031512350.24983-100000@gmi.com>

On Fri, 3 Aug 2001, Ryan Russell wrote:

>On Thu, 2 Aug 2001, Stephen J Fralich wrote:
>
>> ssh is used for any administrative work, but I'll let you come tell my
>> users they have to run a different program or *gasp* install a new program
>> on their own machines if they want to use the systems...heresy!! Well,
>> until the system gets compromised...then it would be why wasn't the
>> system more secure?
>
>I wonder how hard it would be to write a version of the SSH client named
>telnet that would try port 22 before failing to port 23, and do plain
>telnet when used on other ports (telnet mail.example.com 110). Claim it
>is the new telnet client patch. It would allow for some cleartext
>downgrade attacks, but that would at least require active monitoring and
>spoofing. If it were called by the name "ssh", very soft links, it would
>behave normally.

As an admin, I don't think I would like to hide the fact that a session has become insecure from the user. Just too worried some other admin would pop in and type in a root password and let it fly across the internet in plaintext.

>
>Hmm... maybe I need to go work on a patch.
>
> Ryan
>
>

-- 

bb&thanks
adam
Do you know what a kibibit, mebibyte, or gibibyte is? go to http://physics.nist.gov/cuu/Units/binary.html to find out!
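Added example, not part of the original thread and not code from either poster: a Python sketch of the client-selection logic discussed above (try port 22 first, plain telnet on other ports, normal behaviour when invoked as "ssh"), with the fallback to cleartext made explicit instead of hidden. The function names, the injectable `probe` parameter and the warning text are all hypothetical.

```python
import socket
import sys

SSH_PORT, TELNET_PORT = 22, 23

def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def plan_connection(host, port=None, invoked_as="telnet", probe=port_open):
    """Decide which client to run; returns (argv, warning_or_None)."""
    if invoked_as == "ssh":
        # Called through the "ssh" link: behave as a normal SSH client.
        argv = ["ssh", host] if port is None else ["ssh", "-p", str(port), host]
        return argv, None
    if port is not None and port != TELNET_PORT:
        # e.g. "telnet mail.example.com 110": plain TCP, no SSH attempt.
        return ["telnet", host, str(port)], None
    if probe(host, SSH_PORT):
        return ["ssh", host], None
    # Fallback to cleartext is never silent, so nobody types a root
    # password without knowing the session is unencrypted.
    warning = ("WARNING: no SSH service answered on %s port %d; "
               "falling back to CLEARTEXT telnet. Anything typed in this "
               "session can be read on the network." % (host, SSH_PORT))
    return ["telnet", host, str(TELNET_PORT)], warning

def confirm_cleartext(warning, answer_fn=input, out=sys.stderr):
    """Print the warning and require an explicit 'yes' before continuing."""
    print(warning, file=out)
    reply = answer_fn("Continue without encryption? (yes/no) ")
    return reply.strip().lower() == "yes"

if __name__ == "__main__":
    # Constructed demo: a fake probe that reports port 22 closed everywhere.
    closed = lambda host, port: False
    for args in (("shell.example.com",), ("mail.example.com", 110)):
        argv, warning = plan_connection(*args, probe=closed)
        print(argv, "(cleartext fallback)" if warning else "")
```

An active attacker who blocks port 22 still forces the telnet path, so the confirmation prompt is the only thing standing between the user and a cleartext password.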


