Full Disclosure mailing list archives
RE: !SPAM! Automated ssh scanning
From: Stephen Agar <Stephen.Agar () bmhcc org>
Date: Thu, 26 Aug 2004 10:28:18 -0500
I think many of you are missing the point. Yes the guest/guest account is weak, but this kernel is (according to debian) patched..therefore free from local exploits that can be used to gain superuser access. I mean if this were the case, then any box that ran this version of debian to do something like "web hosting" that gave users shell access, may as well give them all full sudo. Because you people are assuming that if someone can gain access to the box, secured or not, they can gain root..i disagree. I feel totally confident that if you gain access to my FreeBSD 4.10 box with an unpriveleged account (not that you will, of course) then you will remain an "unpriveleged user" no local root exploit....no worries. --stephen
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Todd Towles Sent: Thursday, August 26, 2004 8:12 AM To: Richard Verwayen; FD Subject: RE: !SPAM! [Full-disclosure] Automated ssh scanning The kernel could be save. But with weak passwords, you are toast. Any automated tool would test guest/guest. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Richard Verwayen Sent: Thursday, August 26, 2004 6:08 AM To: 'FD' Subject: RE: !SPAM! [Full-disclosure] Automated ssh scanning On Thu, 2004-08-26 at 11:47, Yaakov Yehudi wrote:In spite of many reports to the contrary, Linux is _not_ secure bydefault.Did you harden it? There is a lot of documentation on theweb as tohow to go about it. YYHello Yaakov, This system was a pure debian woody none-production one with all services disabled - just ssh was left open in order to see for what purpose the scan was! Yes, there was a guest account with a weak passwort (guest) on it! And yes, they logged in and became root in no time. But I thought the kernel compiled from the latest debian woody kernel-source could be considered to be save. But I was wrong! So I posted the tools used by the attackers to this list and also to the debian security team. Richard _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: !SPAM! Automated ssh scanning, (continued)
- Re: !SPAM! Automated ssh scanning Tremaine (Aug 26)
- Re: !SPAM! Automated ssh scanning Richard Verwayen (Aug 26)
- Re: !SPAM! Automated ssh scanning Jan Luehr (Aug 26)
- Re: !SPAM! Automated ssh scanning Barry Fitzgerald (Aug 26)
- Re: !SPAM! Automated ssh scanning Ron DuFresne (Aug 26)
- Re: !SPAM! Automated ssh scanning Jan Luehr (Aug 26)
- Re: !SPAM! Automated ssh scanning Ron DuFresne (Aug 26)
- Re Automated ssh scanning Mister Coffee (Aug 26)
- RE: !SPAM! Automated ssh scanning Ron DuFresne (Aug 26)
- Re: !SPAM! Automated ssh scanning Tremaine (Aug 26)
- Re: !SPAM! Automated ssh scanning Richard Verwayen (Aug 26)
- Re: Automated ssh scanning Matt Zimmerman (Aug 26)
- Re: !SPAM! Automated ssh scanning sec-focus (Aug 26)
- Re: !SPAM! Automated ssh scanning andreas (Aug 27)
- Re: !SPAM! Automated ssh scanning Robert Jaroszuk (Aug 27)
- Re: Automated ssh scanning Matt Zimmerman (Aug 27)
- Re: !SPAM! Automated ssh scanning Chris Adams (Aug 30)