Bugtraq mailing list archives

Re: SSH 1.x and 2.x Daemon

From: alan () CLUESERVER ORG (Alan Olsen)
Date: Sun, 24 Jan 1999 19:31:34 -0800


At 05:06 PM 1/23/99 -0500, KuRuPTioN wrote:

There seems to be incomplete code in the SSH daemon in both versions 1.2.27
and 2.0.11 (only tested).  The bug simply allows users who with expired
accounts (in /etc/shadow) to continue to login even though other such
services such as ftp and telnet deny access.  Here is the log using 1.2.27
(but the same happens with 2.0.11).


Furthermore, if the account is disabled in /etc/passwd and a user logs in
via a public key, they are still allowed access.  (So just diabling a user
account is not enough anymore.  You have to look for uses of public keys as
well.)

This may not exist in the 2.x series (I have not tested it there), but it
does occur in the 1.2.x series.  (I have not tested the latest version on
this...)

I would verify the above before panic, but I have seen it occur under one
such install of 1.2.x.  (I will have to look up the version.  The drive was
removed soon after due to hacker d00dz.)
---
|      Bill Clinton - Bringing back the Sixties one Nixon at a time!     |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|                                                  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan () ctrl-alt-del com|

Current thread:

Re: Perl.exe and IIS security advisory, (continued)
- - - Re: Perl.exe and IIS security advisory Tabor J. Wells (Jan 24)
    - Repost: Wietse's FTP site has moved Wietse Venema (Jan 25)
    - Using Example Domain Names in Exploits bandregg () REDHAT COM (Jan 25)
    - IIS Advisory Update Marc (Jan 24)
- backdoored tcp wrapper source code Wietse Venema (Jan 21)
  - Re: backdoored tcp wrapper source code John Stange (Jan 23)
    - SSH 1.x and 2.x Daemon KuRuPTioN (Jan 23)
    - Re: SSH 1.x and 2.x Daemon Jan B. Koum (Jan 24)
    - Re: SSH 1.x and 2.x Daemon Linux Mailing Lists (Jan 25)
    - Re: SSH 1.x and 2.x Daemon KuRuPTioN (Jan 25)
    - Re: SSH 1.x and 2.x Daemon Alan Olsen (Jan 24)
    - baynetworks router DoS Virsoft (Jan 25)
    - Re: baynetworks router DoS Neale Banks (Jan 26)
    - 2.2.0 SECURITY (fwd) Aaron Lehmann (Jan 26)
    - IBM CICS Universal Client 3.x Rude Yak (Jan 27)
    - Re: SSH 1.x and 2.x Daemon Yutaka OIWA (Jan 25)
    - Call for Papers: UNIX AND WINDOWS NT Fred Donck (Jan 25)
    - New IE4 privacy issue aleph1 () UNDERGROUND ORG (Jan 25)
    - Re: SSH 1.x and 2.x Daemon Jim Bourne (Jan 25)
    - Re: backdoored tcp wrapper source code Wietse Venema (Jan 23)
    - LocalSecure Testing Program NSS SDT (Jan 21)

(Thread continues...)