Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSH brute force blocking tool

From: Tavis Ormandy <taviso () gentoo org>
Date: Tue, 28 Nov 2006 16:16:21 +0000
On Tue, Nov 28, 2006 at 04:02:36PM +0000, Tavis Ormandy wrote:

On Tue, Nov 28, 2006 at 10:56:33AM -0500, J. Oquendo wrote:

Incorrect did you look at the fix? It isn't unsanitized as you state:


J, you have made an attempt to fix it, but is is not sufficient.

An attacker can still add arbitrary hosts to the deny list.


I notice you also havnt solved the local privilege escalation, this can
be abused by local users to gain root by attempting to login with the
username set to a valid passwd entry and then winning the race condition
by creating a symlink to the system passwd file (of course, there are
dozens of other attacks).

Thanks, Tavis.

-- 
-------------------------------------
taviso () sdf lonestar org | finger me for my pgp key.
-------------------------------------------------------

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: