[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Betr.: RE: [Full-Disclosure] Automated ssh scanning
- To: "Pascal Zoutendijk" <Pascal.Zoutendijk@xxxxxxx>
- Subject: RE: Betr.: RE: [Full-Disclosure] Automated ssh scanning
- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
- Date: Thu, 26 Aug 2004 12:50:55 -0500
It could be, but he said it was patched. I didn't run the test of
course.
I never said it was the kernel however, it could be a service running.
And unknown does not equal zero-day. But the tool got root and he
doesn't know how. That is the point. Kernel, old service, whatever. It
would be nice to find it.
-----Original Message-----
From: Pascal Zoutendijk [mailto:Pascal.Zoutendijk@xxxxxxx]
Sent: Thursday, August 26, 2004 12:15 PM
To: Todd Towles
Subject: Betr.: RE: [Full-Disclosure] Automated ssh scanning
Hi,
Maybe I missed a point, but everybody seems to be focussing now on
whether the kernel is vulnerable from a non privileged account. Couldn't
it simply be that he forgot an SSH patch which caused the exploit?
>>> "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx> 26-08-04 18:03 >>>
I agree, so we are looking at a unknown local exploit for woody or we
are all missing something.
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Tig
Sent: Thursday, August 26, 2004 9:28 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Automated ssh scanning
On Thu, 26 Aug 2004 09:08:15 -0500 (CDT) Ron DuFresne
<dufresne@xxxxxxxxxxxxx> wrote:
>
>
> the real thing this user most likely suffered from was the weak
> account passwd double, guest:guest. Now, if the admin and other
> account were setup with strong passwd's and this account was either
> setup with a strong passwd or not setup at all might be a better test
> of the stability of ssh and the debain setup in question.
>
> Thanks,
>
> Ron DuFresne
>
I think some people are not really reading or understanding what is
going on. The box was a default install with one or two weak passwords
for _user_ accounts and a _strong_ password for the root.
Withing a short while, the root account was compromised, after the weak
user account was broken. I suggest people re-read what Richard Verwayen
has been saying (in German English, but still very readable :])
Basically, if you have a weak password on a user account, your root
account on a Debain box is screwed, other *nix distros maybe as well.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_____________________________________________________________________
This message has been checked for all known viruses.
_____________________________________________________________________
This message has been checked for all known viruses.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html