Re: chkrootkit reporting sshd vulnerable?

From: Doctor Zen (hidden@from.spammers.net)
Date: 12/29/01


From: Doctor Zen <hidden@from.spammers.net>
Date: Sat, 29 Dec 2001 18:19:03 +0000

Richard E. Silverman wrote:

>>>>>> "DZ" == Doctor Zen <hidden@from.spammers.net> writes:
>
> DZ> ssh 3.0.1 (commercial) and chkrootkit v0.33. When I run chkrootkit
> DZ> locally it reports sshd not vulnerable, but when I ssh into the
> DZ> box and then run chkrootkit on it in the shell I get "sshd
> DZ> vulnerable but disabled".
> >> This is a little confusing. When you say "locally," I think you
> >> actually mean remotely -- that is on "the box" in question from
> >> elsewhere, examining its open network ports.
>
> DZ> No, "locally" means sitting at the keyboard with the box in front
> DZ> of me.
>
> Oh -- you meant you get different results depending on whether you log in
> on the console, versus logging in via SSH and running the same tool? I would
> say in both cases you're running chkrootkit "locally." Whatever.

For example:

<sit in front of machineA>
root@machineA # chkrootkit
sshd not vulnerable

<go upstairs and sit in front of machineB>

me@machineB # ssh -l root machineA
root@machineA # chkrootkit
sshd vulnerable but disabled

I hope this clarifies it for you, and BTW if you reverse the scenario (test
machineB both locally and from machineA) the result is the same.

Doc


