Security Incidents mailing list archives
Re: SSH2 Exploit?
From: Ken.Williams () EY COM (Ken Williams)
Date: Thu, 10 Feb 2000 18:57:13 -0600
there could very well be several unpublished ssh2 exploits, but you need to consider other "non ssh-related" security concerns too, like ... - attacker had physical access to the box - attacker brute-forced legitimate login/passwd - attacker shoulder-surfed a passwd - attacker social-engineered a passwd - somebody (new admin?) accidentally/intentionally started a daemon/daemons that opened up another point of entry for attacker - use your imagination for lots of additional scenarios to answer your question about "most secure version of ssh" though, check out OpenSSH 1.2.2, by the OpenBSD gang <http://www.openssh.com/>. - kw jonz () NETRAIL NET on 02/10/2000 06:32:17 PM Please respond to jonz () NETRAIL NET@Internet To: INCIDENTS () SECURITYFOCUS COM@Internet cc: Subject: SSH2 Exploit? We recently had one of our remote logging servers compromised. It was totally locked down running only ssh2; all inet processes were turned off. Unfortunately, they obliterated the disk so we were not able to get any information about how they exploited our machine, however since the only point of entry was SSH2, I'm very concerned about a possibly vulnerability in the code. What is the general consensus of the 'most secure' version of ssh? 1.2.27? Thank you, Jonathan A. Zdziarski Director - MIS NetRail, inc. 230 Peachtree St. Suite 1700 Atlanta, GA 30303 404-522-5400 x240 ******************************************************************************* Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Ernst & Young LLP *******************************************************************************
Current thread:
- Re: SSH2 Exploit? Ken Williams (Feb 10)