Re: hacked through ssh
From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 03/10/04
- Next message: Owen Dunn: "Re: PuTTY 0.54 hangs intermittently on Windows 2000"
- Previous message: Richard E. Silverman: "Re: hacked through ssh"
- In reply to: John: "hacked through ssh"
- Next in thread: John: "Re: hacked through ssh"
- Reply: John: "Re: hacked through ssh"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 10 Mar 2004 05:39:02 +0000 (UTC)
In article <704ecc39.0403091430.644561b5@posting.google.com>,
John <mcgowan@lynch2.com> wrote:
>I've got a D2D backup applicance that came preinstalled with a version
>of RH Linux. Not sure which version. However I am sure that it is
>running OpenSSH_3.1p1.
[...]
>I'm 99% convinced (from searching google for half a day) that this was
>due to the old version of OpenSSH and the fact that I had SSH open up
>to the outside world. But I have not encountered any real proof that
>what I'm looking at came from those mistakes.
That version of OpenSSH did have an exploitable problem in some
configurations (unless it was patched by the vendor):
http://www.openssh.com/txt/preauth.adv
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- Next message: Owen Dunn: "Re: PuTTY 0.54 hangs intermittently on Windows 2000"
- Previous message: Richard E. Silverman: "Re: hacked through ssh"
- In reply to: John: "hacked through ssh"
- Next in thread: John: "Re: hacked through ssh"
- Reply: John: "Re: hacked through ssh"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
