Full Disclosure mailing list archives
Re: SSH Exploit Request
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Fri, 14 Nov 2003 21:27:53 -0800
How would updating ssh bring down a production system?

http://www.gilliss.com/cgi-bin/presentation?title=Building+a+Backdoor+Binary&name=Backdoor&total=49&rank=1

When I was writing this, I found *lots* of instances where the coding (mine, unfortunately) left the daemon(s) lying around doing gawd knows what on the system (and you hung your session besides). Console was the only reason that I got the code working so that I could do the presentation (not that I'd ever trojan an sshd on a system, for educational purposes only, ...)

G

On or about 2003.11.14 21:10:04 +0000, Valdis.Kletnieks () vt edu (Valdis.Kletnieks () vt edu) said:
Well, *that* particular one is unlikely. But I've seen it happen. You install a borked build of ssh (shared lib dependencies are FUN), restart it, your session goes bye-bye, and you can't get back in to fix the runaway sshd that's chewing all the resources....

The more generic point is that in larger shops, you usually need to get *everything* planned and OK'ed in advance, including backout plans. And even then things go wrong.

I'm sure I'm not the only sysadmin who's SSH'ed in to an ill box, decided a reboot was needed, and typed 'shutdown -i6 -g0 -y' (runlevel 6 to reboot, zero seconds grace, and don't prompt me), and instead realized 7 seconds later that what the other end *received* was '-i0 -g6 -y' (poweroff with 6 seconds warning), and made a bad situation worse.

What *I*'d like to know is how the transposition gremlins know that it's 2AM on a major holiday, or a snowstorm, or other reason that the NOC is running lights-out and nobody's there to push the button to power it back on..
--
Gregory A. Gilliss, CISSP
E-mail: greg () gilliss com
Computer Security
WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html