Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

potential exploit in SSH ?

  • 15-05-2002 7:11pm
    #1
    Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭


    One of the users of a box (FreeBSD 4.6-prerelease) I look after in college has informed me he was able to use ssh to gain root privelges on the server. Which was proved by logs.

    Unfortunately he's being very annoying and won't tell me or the other admin exactly how he did it.

    I know theres a bug in SSH1 that allows you to send arbitrary commands as the ssh daemon (ie: root), but this server is set to prefer SSH2.

    Anyone else heard anything about this ?


Comments

  • Closed Accounts Posts: 29 simpsons rule


    Originally posted by Hecate
    One of the users of a box (FreeBSD 4.6-prerelease) I look after in college has informed me he was able to use ssh to gain root privelges on the server. Which was proved by logs.
    maybe he was just logged in , in SSH and then did something completely and uttterly not to do with ssh. its always handy to be signed up to those bug reports mailing lists to keep on top of the changes .


  • Registered Users, Registered Users 2 Posts: 4,485 ✭✭✭Gerry


    Theres a root exploit if sshd is set to use the login program (UseLogin in sshd_config) but I didn't think it applied to freebsd login, just solaris and linux.


Advertisement