Penetration Testing mailing list archives
Re: [PEN-TEST] ssh/x11 forwarding disclosure
From: Riley Hassell <riley () SPEAKEASY NET>
Date: Fri, 8 Sep 2000 18:37:36 -0700
Well, all you can do is deny service to users who login via ssh-agent. exploitation: mkdir /tmp/ssh-usernamehere chmod 0407 /tmp/ssh-usernamehe Riley Hassell Network Security Speakeasy Network Phone : 206-728-9770x151 Email : riley () speakeasy net On Fri, 8 Sep 2000, Crist Clark wrote:
Riley Hassell wrote:If you make a directory in /tmp called ssh-username you can disable another users X-forwarding. Lame isn't it.Please specify which SSH you are talking about when claims like this are made. This was also a problem with the original post that started this discussion. With OpenSSH-2.1, $ ls -ld /tmp/ssh* drwx------ 2 cclark wheel 512 Sep 8 10:33 /tmp/ssh-kms30342 This does not work. I believe the naming is ssh-XXX[pid] where XXX are randomly chosen from [A-Za-z] and [pid] is the spawned sshd's PID. -- Crist J. Clark Network Security Engineer crist.clark () globalstar com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () globalstar com
Current thread:
- Re: [PEN-TEST] ssh/x11 forwarding disclosure Frasnelli, Dan (Sep 08)
- Re: [PEN-TEST] ssh/x11 forwarding disclosure Riley Hassell (Sep 08)
- Re: [PEN-TEST] ssh/x11 forwarding disclosure Crist Clark (Sep 08)
- Re: [PEN-TEST] ssh/x11 forwarding disclosure Riley Hassell (Sep 09)
- Re: [PEN-TEST] ssh/x11 forwarding disclosure Crist Clark (Sep 08)
- <Possible follow-ups>
- Re: [PEN-TEST] ssh/x11 forwarding disclosure Dunker, Noah (Sep 08)
- Re: [PEN-TEST] ssh/x11 forwarding disclosure Riley Hassell (Sep 08)