Bugtraq mailing list archives

Re: sshd1 allows unencrypted sessions regardless of server policy

From: davids () WEBMASTER COM (David Schwartz)
Date: Wed, 15 Dec 1999 13:32:37 -0800

That aside, this hole could be useful in a situation where Party A wants
to help Party B compromise a system without leaving a paper trail.  Party
A trojans an ssh client binary, Innocent Bystander C does an ssh
connection somewhere, and Party B sniffs the cleartext traffic.  No
evidence to point to Party B.  If instead Party A trojaned the binary to
send Party B a carbon-copy, and a white hat could extract this, then Party
B is implicated.

jm


        Nonsense. He could just as easily trojan ssh to broadcast the encryption
key. If he can sniff the cleartext traffic, he can sniff the key. The point
stands -- a server cannot protect you against a client compromise.

        DS

Current thread:

Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability, (continued)
- - - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Federico - Comnet S.A. (Dec 15)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70Vulnerability ussr secure (Dec 16)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Tim (Dec 15)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 15)
    - CERT Advisory CA-99-16 Buffer Overflow in Sun Solstice AdminSuite Daemon sadmind Elias Levy (Dec 14)
    - Statement: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Jarle Aase (Dec 16)
  - sshd1 allows unencrypted sessions regardless of server policy Markus Friedl (Dec 14)
    - Re: sshd1 allows unencrypted sessions regardless of server policy Michael H. Warfield (Dec 14)
    - Re: sshd1 allows unencrypted sessions regardless of server policy Pavel Machek (Dec 14)
    - Re: sshd1 allows unencrypted sessions regardless of server policy Joseph Moran (Dec 14)
    - Re: sshd1 allows unencrypted sessions regardless of server policy David Schwartz (Dec 15)
    - SSH-1.2.27 & RSAREF2 exploit Iván Arce (Dec 14)
    - SSH 1 Why? Daniel P. Zepeda (Dec 14)
    - Re: SSH 1 Why? Emiliano Kargieman (Dec 15)
    - Re: SSH 1 Why? Emiel Kollof (Dec 15)
    - Re: SSH 1 Why? Iván Arce (Dec 16)
    - Re: SSH 1 Why? R. J. Wysocki (Dec 18)
    - Groupewise Web Interface Sacha Faust Bourque (Dec 19)
    - Re: Groupewise Web Interface Raymond Dijkxhoorn (Dec 20)
    - Re: Groupewise Web Interface Bayard G. Bell (Dec 21)
    - Announcement: Solaris loadable kernel module backdoor plasmoid (Dec 20)

(Thread continues...)