Security Incidents mailing list archives
Re: SSH2 Exploit?
From: condor () SEKURE ORG (Thiago/c0nd0r)
Date: Fri, 11 Feb 2000 14:42:57 -0200
His machine was not running QPOP, but a simple POP server, which does not have any known remote exploitation. It seems to be something with the SSH2 daemon.

Regards,

-condor
www.sekure.org
s e k u r e
Portal Brasileiro de Seguranca
www.securenet.com.br

On Fri, 11 Feb 2000, Jonathan A. Zdziarski wrote:

> I know the latest qpopper has exploits, which is why we use the pre-beta versions. I've since wrapped ssh to run from inetd, and prevented any connections outside of our network.
>
> Thank you,
> Jonathan A. Zdziarski
> Director - MIS
> NetRail, inc.
> 230 Peachtree St. Suite 1700
> Atlanta, GA 30303
> 404-522-5400 x240
>
> -----Original Message-----
> From: Thiago/c0nd0r [mailto:condor () sekure org]
> Sent: Friday, February 11, 2000 7:35 AM
> To: Jonathan A. Zdziarski
> Cc: incidents () lists securityfocus com
> Subject: Re: SSH2 Exploit?
>
> A friend of mine had the same problem. It was a linux box running SSH2 and a native POP server (the latest version). As it was completely erased, I was unable to recover further information.
>
> -condor
> www.sekure.org
> s e k u r e
> Portal Brasileiro de Seguranca
> www.securenet.com.br
>
> On Wed, 9 Feb 2000, Jonathan A. Zdziarski wrote:
>
> > We recently had one of our remote logging servers compromised. It was totally locked down running only ssh2; all inet processes were turned off. Unfortunately, they obliterated the disk so we were not able to get any information about how they exploited our machine, however since the only point of entry was SSH2, I'm very concerned about a possible vulnerability in the code. What is the general consensus of the 'most secure' version of ssh? 1.2.27?
> >
> > Thank you,
> > Jonathan A. Zdziarski
> > Director - MIS
> > NetRail, inc.
> > 230 Peachtree St. Suite 1700
> > Atlanta, GA 30303
> > 404-522-5400 x240