Penetration Testing mailing list archives

RE: OpenSSH (version < 3.4p1) && linux


From: "Benninghoff, John" <John.Benninghoff () Rbcdain com>
Date: Mon, 15 Jul 2002 11:34:40 -0500

This advisory from OpenSSH should help clear this up: http://www.openssh.com/txt/preauth.adv

Linux and Solaris are vulnerable if they support logon via s/key (I don't know if this is a default or not), due to a
bug in the ChallengeResponseAuthentication code. They _might_ be vulnerable to a bug in the PAMAuthenticationViaKbdInt
code; however, this has not been confirmed, and AFAIK, there are no working exploits currently circulating (i.e.
Gobbles didn't release code for Linux). Considering that the flaws are almost identical, the PAM bug is most likely
exploitable.

-----Original Message-----
From: chris [mailto:chris () secure-packets com]
Sent: Sunday, July 14, 2002 9:50 AM
To: pen-test () securityfocus com
Subject: OpenSSH (version < 3.4p1) && linux


It seems there is much debate on whether Linux-based hosts are
vulnerable to the recent remote root exploit for OpenSSH.  I have seen
advisories for FreeBSD/NetBSD/OpenBSD but the two systems that I have
most encountered in my tests are Linux and Solaris, though I can't find
a proof of concept exploit for these systems.  Any information would be
greatly appreciated.  

Thanx,
::chris




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
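
Added example (not part of the original messages or of the OpenSSH advisory): a triage check that flags the two sshd_config options named in the reply above when the server banner reports a release before 3.4. The function names, the sample banner and config, and the default values assumed for absent keywords are illustrative assumptions.

```python
import re

FIXED = (3, 4)  # thread subject: versions before 3.4p1 are the ones in question
# Options named in the post -> value assumed when the keyword is absent.
# These defaults are assumptions about sshd of that era; check your man page.
OPTIONS = {
    "challengeresponseauthentication": "yes",
    "pamauthenticationviakbdint": "no",
}

def parse_version(banner):
    """Return (major, minor) from a banner such as 'SSH-2.0-OpenSSH_3.1p1'."""
    m = re.search(r"OpenSSH[_ ](\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def effective_options(config_text):
    """Keywords are case-insensitive and the first occurrence wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(parts[0].lower(), value)
    return seen

def audit(banner, config_text):
    """List the options from the post that are enabled on a pre-3.4 sshd."""
    # A hit means "review or disable", not "confirmed exploitable": whether
    # s/key or PAM support was compiled in cannot be read from the config.
    version = parse_version(banner)
    if version is None:
        return ["unknown-version"]
    if version >= FIXED:
        return []
    opts = effective_options(config_text)
    return [k for k, default in OPTIONS.items() if opts.get(k, default) == "yes"]

# Constructed sample input, not taken from any real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed)
Port 22
challengeresponseauthentication no
ChallengeResponseAuthentication yes
PAMAuthenticationViaKbdInt yes
"""
```

For the constructed sample, `audit("SSH-2.0-OpenSSH_3.1p1", SAMPLE_CONFIG)` reports only the PAM option, because the first ChallengeResponseAuthentication line (set to no) takes precedence over the later one.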

