Full Disclosure mailing list archives
RE: Betr.: RE: Automated ssh scanning
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 26 Aug 2004 12:50:55 -0500
It could be, but he said it was patched. I didn't run the test of course. I never said it was the kernel however, it could be a service running. And unknown does not equal zero-day. But the tool got root and he doesn't know how. That is the point. Kernel, old service, whatever. It would be nice to find it. -----Original Message----- From: Pascal Zoutendijk [mailto:Pascal.Zoutendijk () tbwa nl] Sent: Thursday, August 26, 2004 12:15 PM To: Todd Towles Subject: Betr.: RE: [Full-disclosure] Automated ssh scanning Hi, Maybe I missed a point, but everybody seems to be focussing now on whether the kernel is vulnerable from a non privileged account. Couldn't it simply be that he forgot an SSH patch which caused the exploit?
"Todd Towles" <toddtowles () brookshires com> 26-08-04 18:03 >>>
I agree, so we are looking at a unknown local exploit for woody or we are all missing something. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Tig Sent: Thursday, August 26, 2004 9:28 AM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Automated ssh scanning On Thu, 26 Aug 2004 09:08:15 -0500 (CDT) Ron DuFresne <dufresne () winternet com> wrote:
the real thing this user most likely suffered from was the weak account passwd double, guest:guest. Now, if the admin and other account were setup with strong passwd's and this account was either setup with a strong passwd or not setup at all might be a better test of the stability of ssh and the debain setup in question. Thanks, Ron DuFresne
I think some people are not really reading or understanding what is going on. The box was a default install with one or two weak passwords for _user_ accounts and a _strong_ password for the root. Withing a short while, the root account was compromised, after the weak user account was broken. I suggest people re-read what Richard Verwayen has been saying (in German English, but still very readable :]) Basically, if you have a weak password on a user account, your root account on a Debain box is screwed, other *nix distros maybe as well. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _____________________________________________________________________ This message has been checked for all known viruses. _____________________________________________________________________ This message has been checked for all known viruses. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Betr.: RE: Automated ssh scanning Todd Towles (Aug 26)
- Re: Betr.: RE: Automated ssh scanning Blue Boar (Aug 26)
- Re: Betr.: RE: Automated ssh scanning VeNoMouS (Aug 26)
- Re: Betr.: RE: Automated ssh scanning Blue Boar (Aug 26)
- Re: Betr.: RE: Automated ssh scanning Henrik Persson (Aug 27)
- Re: Betr.: RE: Automated ssh scanning Henrik Persson (Aug 27)
- Re: Betr.: RE: Automated ssh scanning Andrew Farmer (Aug 27)
- Re: Betr.: RE: Automated ssh scanning Christian (Aug 27)
- Re: Betr.: RE: Automated ssh scanning VeNoMouS (Aug 26)
- Re: Betr.: RE: Automated ssh scanning Blue Boar (Aug 26)