Security Incidents mailing list archives

Re: SSH2 Exploit?

From: alex () WINSTAR NET (Alexander Kiwerski)
Date: Thu, 10 Feb 2000 15:59:30 -0800


Was statd, rpcd or syslogd running? All 3 have exploitable holes (depending
on version). Maybe not the culprit, but a place to look anyhow.

To my knowledge, 1.2.27 is the most solid version of SSH our there, but
there could be something around that I'm not aware of.....

-Alexander Kiwerski

At 06:30 PM 2/9/00 , Jonathan A. Zdziarski wrote:

We recently had one of our remote logging servers compromised.  It was
totally locked down running only ssh2; all inet processes were turned off.
Unfortunately, they obliterated the disk so we were not able to get any
information about how they exploited our machine, however since the only
point of entry was SSH2, I'm very concerned about a possibly vulnerability
in the code.  What is the general consensus of the 'most secure' version of
ssh? 1.2.27?

Thank you,

Jonathan A. Zdziarski
Director - MIS
NetRail, inc.
230 Peachtree St.
Suite 1700
Atlanta, GA 30303
404-522-5400 x240

Current thread:

Re: E-Mail relay or break in?, (continued)
- - - Re: E-Mail relay or break in? Nathan Nichols (Feb 09)
    - Re: E-Mail relay or break in? Ryan Russell (Feb 09)
    - Recent DDoS Bino Gopal (Feb 08)
    - Re: Recent DDoS Qmail Admin (Feb 09)
    - Port 34545 jimwebb () EASYSTREET COM (Feb 09)
    - Re: Recent DDoS MMS26 (Feb 09)
    - Re: Recent DDoS Vanja Hrustic (Feb 09)
    - Re: Recent DDoS (was Ping flood? Whats the point?) Kerry Baker (Feb 09)
    - Re: Recent DDoS (was Ping flood? Whats the point?) Eivind Eklund (Feb 11)
    - SSH2 Exploit? Jonathan A. Zdziarski (Feb 09)
    - Re: SSH2 Exploit? Alexander Kiwerski (Feb 10)
    - Re: SSH2 Exploit? Richard Trott (Feb 10)
    - Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
    - Re: SSH2 Exploit? Jonathan A. Zdziarski (Feb 11)
    - Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
    - Re: SSH2 Exploit? Mike Tancsa (Feb 15)
    - Re: SSH2 Exploit? //Stany (Feb 16)
    - Re: SSH2 Exploit? sysadmin (Feb 16)
    - AdForce hitting odd ports Rick Tortorella (Feb 11)
    - UDP to 161 CL: Nelson, Jeff (Feb 10)
    - Re: UDP to 161 Pavel Kankovsky (Feb 15)

(Thread continues...)