Security Incidents mailing list archives

Re: SSH2 Exploit?


From: Ken.Williams () EY COM (Ken Williams)
Date: Thu, 10 Feb 2000 18:57:13 -0600


there could very well be several unpublished ssh2 exploits, but you need to consider other "non ssh-related" security concerns too, like ...

- attacker had physical access to the box
- attacker brute-forced legitimate login/passwd
- attacker shoulder-surfed a passwd
- attacker social-engineered a passwd
- somebody (new admin?) accidentally/intentionally started a daemon/daemons that opened up another point of entry for attacker
- use your imagination for lots of additional scenarios

to answer your question about "most secure version of ssh" though, check out OpenSSH 1.2.2, by the OpenBSD gang <http://www.openssh.com/>.

- kw

jonz () NETRAIL NET on 02/10/2000 06:32:17 PM

Please respond to jonz () NETRAIL NET@Internet
To:     INCIDENTS () SECURITYFOCUS COM@Internet
cc:     
Subject:        SSH2 Exploit?

We recently had one of our remote logging servers compromised.  It was
totally locked down running only ssh2; all inet processes were turned off.
Unfortunately, they obliterated the disk so we were not able to get any
information about how they exploited our machine, however since the only
point of entry was SSH2, I'm very concerned about a possible vulnerability
in the code.  What is the general consensus of the 'most secure' version of
ssh? 1.2.27?

Thank you,

Jonathan A. Zdziarski
Director - MIS
NetRail, inc.
230 Peachtree St.
Suite 1700
Atlanta, GA 30303
404-522-5400 x240


