Security Incidents mailing list archives
Re: SSH2 Exploit?
From: alex () WINSTAR NET (Alexander Kiwerski)
Date: Thu, 10 Feb 2000 15:59:30 -0800
Was statd, rpcd or syslogd running? All 3 have exploitable holes (depending on version). Maybe not the culprit, but a place to look anyhow. To my knowledge, 1.2.27 is the most solid version of SSH our there, but there could be something around that I'm not aware of..... -Alexander Kiwerski At 06:30 PM 2/9/00 , Jonathan A. Zdziarski wrote:
We recently had one of our remote logging servers compromised. It was totally locked down running only ssh2; all inet processes were turned off. Unfortunately, they obliterated the disk so we were not able to get any information about how they exploited our machine, however since the only point of entry was SSH2, I'm very concerned about a possibly vulnerability in the code. What is the general consensus of the 'most secure' version of ssh? 1.2.27? Thank you, Jonathan A. Zdziarski Director - MIS NetRail, inc. 230 Peachtree St. Suite 1700 Atlanta, GA 30303 404-522-5400 x240
Current thread:
- Re: E-Mail relay or break in?, (continued)
- Re: E-Mail relay or break in? Nathan Nichols (Feb 09)
- Re: E-Mail relay or break in? Ryan Russell (Feb 09)
- Recent DDoS Bino Gopal (Feb 08)
- Re: Recent DDoS Qmail Admin (Feb 09)
- Port 34545 jimwebb () EASYSTREET COM (Feb 09)
- Re: Recent DDoS MMS26 (Feb 09)
- Re: Recent DDoS Vanja Hrustic (Feb 09)
- Re: Recent DDoS (was Ping flood? Whats the point?) Kerry Baker (Feb 09)
- Re: Recent DDoS (was Ping flood? Whats the point?) Eivind Eklund (Feb 11)
- SSH2 Exploit? Jonathan A. Zdziarski (Feb 09)
- Re: SSH2 Exploit? Alexander Kiwerski (Feb 10)
- Re: SSH2 Exploit? Richard Trott (Feb 10)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Jonathan A. Zdziarski (Feb 11)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Mike Tancsa (Feb 15)
- Re: SSH2 Exploit? //Stany (Feb 16)
- Re: SSH2 Exploit? sysadmin (Feb 16)
- AdForce hitting odd ports Rick Tortorella (Feb 11)
- UDP to 161 CL: Nelson, Jeff (Feb 10)
- Re: UDP to 161 Pavel Kankovsky (Feb 15)