Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Automated ssh scanning

From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 26 Aug 2004 11:03:27 -0500
I agree, so we are looking at a unknown local exploit for woody or we
are all missing something. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Tig
Sent: Thursday, August 26, 2004 9:28 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Automated ssh scanning

On Thu, 26 Aug 2004 09:08:15 -0500 (CDT) Ron DuFresne
<dufresne () winternet com> wrote:




the real thing this user most likely suffered from was the weak 
account passwd double, guest:guest.  Now, if the admin and other 
account were setup with strong passwd's and this account was either 
setup with a strong passwd or not setup at all might be a better test 
of the stability of ssh and the debain setup in question.

Thanks,

Ron DuFresne



I think some people are not really reading or understanding what is
going on. The box was a default install with one or two weak passwords
for _user_ accounts and a _strong_ password for the root.

Withing a short while, the root account was compromised, after the weak
user account was broken. I suggest people re-read what Richard Verwayen
has been saying (in German English, but still very readable :])

Basically, if you have a weak password on a user account, your root
account on a Debain box is screwed, other *nix distros maybe as well.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: