Bugtraq mailing list archives
SSH 1.2.25/HP-UX 10.20 Vulnerability
From: security () SIAMRELAY COM (Security Research Team)
Date: Thu, 10 Sep 1998 04:59:05 -0400
__________________________________________________________

S.A.F.E.R. Security Bulletin 980907.EXP.1.1
__________________________________________________________

TITLE: Vulnerability with HP-UX 10.20 and SSH 1.2.25
DATE: September 7, 1998
NATURE: Local compromise (remote under some circumstances)
PLATFORMS: HP-UX 10.20 (possibly other versions of HP-UX)

DETAILS:

A vulnerability exists in HP-UX systems (tested on 10.20 that was converted to "trusted system") using SSH 1.2.25. When administrator creates a new user using SAM, no password is assigned, but a random number is generated which the user needs to input upon first login. However, if user connects via SSH using newly created username, no password authentication is performed and user automatically drops into shell.

This can be especially dangerous on systems where users are added on a daily basis (universities for example) and other users aware of this bug could gain access to newly created accounts (remote users could gain information about new users using finger command, for example).

FIXES:

SSH 1.2.26 is available for over a month now (this problem has been fixed). Also, version 2.0 of SSH is released (completely rewritten). They are available for download at:

ftp://ftp.cs.hut.fi/pub/ssh/

__________________________________________________________

S.A.F.E.R. - Security Alert For Entreprise Resources
Copyright (c) 1998 Siam Relay Ltd.
http://siamrelay.com/safer --- security () siamrelay com
__________________________________________________________