Bugtraq mailing list archives
Re: SSH Communications page on rootshell.com
From: root () cygone com (Mitch Vincent)
Date: Wed, 4 Nov 1998 15:33:48 -0500
Ok Ok Which is it people? You have 3 security organizations saying "The IBM analysis shows however that either the Linux operating system or GCC compiler may have a problem which manifests itself as a bug in Secure Shell. In any case, this is not a bug in Secure Shell itself. The results with Linux are also preliminary as IBM was not able to do the exploit with clean builds of Linux either. " At the same time saying there aren't exploitable vulnerabilities with SSHD, if there is a problem as described above that "manifests" itself in Secure Shell then it IS a problem with Secure Shell, no matter how indirect. I understand the authors of Secure Shell want to save face by not admitting there is a potential problem and I understand rootshell's embarrassment of being hacked. *BUT* We all need an answer to this question: "Is it possible to gain unauthorized root access to a machine using SSH?" I'm tired of "patch kits" being released to software that the author says isn't vulnerable and all these IBM-Cert-Whatever memo's going around if there is no problem. Stop with the run around people, just give everyone a straight answer. (This is not a rant to bugtraq or anyone specifically, just in general about the entire issue) Thanks! -----Original Message----- From: morex .- <morex () MOREX NET> To: BUGTRAQ () netspace org <BUGTRAQ () netspace org> Date: Tuesday, November 03, 1998 4:17 PM Subject: SSH Communications page on rootshell.com
Hello , For the paranoid people out there that think sshd is insecure you guys might want to check out http://www.ssh.fi/sshprotocols2/rootshell.html Happy halloween later morex .- morex () nirvana net
Current thread:
- SSH Communications page on rootshell.com morex .- (Oct 31)
- <Possible follow-ups>
- Re: SSH Communications page on rootshell.com Mitch Vincent (Nov 04)