Re: chkrootkit reporting sshd vulnerable?

From: Doctor Zen (hidden@from.spammers.net)
Date: 12/29/01

• Next message: Doctor Zen: "Re: chkrootkit reporting sshd vulnerable?"
• Previous message: nickd@nospam.demon.co.uk: "Re: chkrootkit reporting sshd vulnerable?"
• In reply to: Richard E. Silverman: "Re: chkrootkit reporting sshd vulnerable?"
• Next in thread: Richard E. Silverman: "Re: chkrootkit reporting sshd vulnerable?"
• Reply: Richard E. Silverman: "Re: chkrootkit reporting sshd vulnerable?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Doctor Zen <hidden@from.spammers.net>
Date: Sat, 29 Dec 2001 14:54:04 +0000

Richard E. Silverman wrote:

>>>>>> "DZ" == Doctor Zen <hidden@from.spammers.net> writes:
>
> DZ> ssh 3.0.1 (commercial) and chkrootkit v0.33 When I run chkrootkit
> DZ> locally it reports sshd not vulnerable, but when I ssh into the
> DZ> box and then run chkrootkit on it in the shell I get "sshd
> DZ> vulnerable but disabled".
>
> This is a little confusing. When you say "locally," I think you actually
> mean remotely -- that is on "the box" in question from elsewhere,
> examining its open network ports.

No, "locally" means sitting at the keyboard with the box in front of me.

> Anyway, I don't know anything about chkrootkit, but this makes sense.
> Assuming it is referring to a vulnerability in sshd1, when scanning the
> box remotely, the tool can only see that protocol 1 is disabled, and so
> reports that the host is not vulnerable. Running it on the host, however,
> it can see that sshd1 is installed, but not available, and so it reports
> that.
>

Hmm, might be. Thanks Richard.

---

• Next message: Doctor Zen: "Re: chkrootkit reporting sshd vulnerable?"
• Previous message: nickd@nospam.demon.co.uk: "Re: chkrootkit reporting sshd vulnerable?"
• In reply to: Richard E. Silverman: "Re: chkrootkit reporting sshd vulnerable?"
• Next in thread: Richard E. Silverman: "Re: chkrootkit reporting sshd vulnerable?"
• Reply: Richard E. Silverman: "Re: chkrootkit reporting sshd vulnerable?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: [Full-disclosure] Vulnerabilities digest ... Elektreports protection bypass vulnerability in ... Original message (in Russian): ... (Full-Disclosure) [Full-disclosure] Vulnerabilities digest ... Original message (in Russian): http://securityvulns.ru/Sdocument67.html ... MustLive reports Crossite-Cripting vulnerability in WordPress ... Original message: http://securityvulns.ru/Rdocument875.html ... (Full-Disclosure) Vulnerabilities digest ... Original message (in Russian): http://securityvulns.ru/Sdocument67.html ... MustLive reports Crossite-Cripting vulnerability in WordPress ... Original message: http://securityvulns.ru/Rdocument875.html ... (Bugtraq) [Full-disclosure] Fwd: IE7 is a Source of Problem - Secunia IE7 Release Incident of October ... IE7 is a Source of Problem - Secunia IE7 Release Incident ... I am not defending Microsoft. ... and Microsoft say "These reports are technically inaccurate: ... if you have to write down a vulnerability report on it?. ... (Full-Disclosure) Re: chkrootkit reporting sshd vulnerable? ... > DZ> locally it reports sshd not vulnerable, but when I ssh into the ... Chkrootkit only works locally, worth two minutes of your time Mr. Silverman ... > Assuming it is referring to a vulnerability in sshd1, ... > reports that the host is not vulnerable. ... (comp.security.ssh)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2001-12