Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

potential exploit in SSH ?

Options
  • 15-05-2002 8:11pm
    #1
    Hecate
    Registered Users Posts: 2,518 ✭✭✭


    One of the users of a box (FreeBSD 4.6-prerelease) I look after in college has informed me he was able to use ssh to gain root privelges on the server. Which was proved by logs.

    Unfortunately he's being very annoying and won't tell me or the other admin exactly how he did it.

    I know theres a bug in SSH1 that allows you to send arbitrary commands as the ssh daemon (ie: root), but this server is set to prefer SSH2.

    Anyone else heard anything about this ?


Comments

  • Options
    #2
    simpsons rule
    Closed Accounts Posts: 29 simpsons rule


    Originally posted by Hecate
    One of the users of a box (FreeBSD 4.6-prerelease) I look after in college has informed me he was able to use ssh to gain root privelges on the server. Which was proved by logs.
    maybe he was just logged in , in SSH and then did something completely and uttterly not to do with ssh. its always handy to be signed up to those bug reports mailing lists to keep on top of the changes .


  • Options
    #3
    Gerry
    Registered Users Posts: 4,428 ✭✭✭Gerry


    Theres a root exploit if sshd is set to use the login program (UseLogin in sshd_config) but I didn't think it applied to freebsd login, just solaris and linux.


Advertisement