Re: OpenSSH

From: Anthony D Cennami (acennami@metconnect.net)
Date: 09/11/02


Date: Tue, 10 Sep 2002 21:26:43 -0400
From: Anthony D Cennami <acennami@metconnect.net>
To: Jeremy Junginger <jjunginger@usbestcrm.com>

Non-BSD systems by default, as they do not use BSDAUTH, are not
(currently) vulnerable to this breach, to the best of my knowledge.

In any case, it would be advisable to use an updated priv-sep enabled
version of the software.

Regards,

Anthony

Jeremy Junginger wrote:

>
> Hello,
>
> I am back again, and auditing an internally accessible ssh server for
> the challenge-response buffer overflow. I'll keep it brief:
>
> OS: RedHat Linux (6.2)
> SSH Version: SSH-1.99-OpenSSH_3.1p1
>
> I have already done the following:
>
> Downloaded and extracted openssh-3.2.2p1.tar.gz
> Patched the client with ssh.diff (patch < ssh.diff)
> Compiled patched client ( ./configure && make ssh)
> Run the "patched" ssh (./ssh x.x.x.x)
>
> I am receiving the following output
> ./scanssh 172.16.51.23
> [*] remote host supports ssh2
> [*] server_user: root:skey
> [*] keyboard-interactive method available
> [x] bsdauth (skey) not available
> Permission denied (publickey,password,keyboard-interactive).
>
> I have not investigated any further, but don't feel comfortable calling
> the service "secured" without a little peer review. Do you have any
> tips on manipulating the method, style, repeats, chunk size, or
> connect-back shellcode repeat? Any ideas will be greatly appreciated.
> Thanks, and have a great day!
>
> -Jeremy
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


