Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

potential exploit in SSH ?

  • 15-05-2002 08:11PM
    #1
    Hecate
    Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭


    One of the users of a box (FreeBSD 4.6-prerelease) I look after in college has informed me he was able to use ssh to gain root privelges on the server. Which was proved by logs.

    Unfortunately he's being very annoying and won't tell me or the other admin exactly how he did it.

    I know theres a bug in SSH1 that allows you to send arbitrary commands as the ssh daemon (ie: root), but this server is set to prefer SSH2.

    Anyone else heard anything about this ?


Comments

  • #2
    simpsons rule
    Closed Accounts Posts: 29 simpsons rule


    Originally posted by Hecate
    One of the users of a box (FreeBSD 4.6-prerelease) I look after in college has informed me he was able to use ssh to gain root privelges on the server. Which was proved by logs.
    maybe he was just logged in , in SSH and then did something completely and uttterly not to do with ssh. its always handy to be signed up to those bug reports mailing lists to keep on top of the changes .


  • #3
    Gerry
    Registered Users, Registered Users 2, Paid Member Posts: 4,551 ✭✭✭Gerry


    Theres a root exploit if sshd is set to use the login program (UseLogin in sshd_config) but I didn't think it applied to freebsd login, just solaris and linux.


Advertisement
Advertisement