Penetration Testing mailing list archives
Re: OpenSSH
From: Anthony D Cennami <acennami () metconnect net>
Date: Tue, 10 Sep 2002 21:26:43 -0400
Non BSD systems by default, as they do not use BSDAUTH, are not (currently) vulnerable to this breach, to the best of my knowledge.
In any case, it would be advisable to use an updated priv-sep enabled version of the software.
Regards, Anthony Jeremy Junginger wrote:
Hello, I am back again, and auditing an internally accessible ssh server for the challenge-response buffer overflow. I'll keep it brief: OS: RedHat Linux (6.2) SSH Version: SSH-1.99-OpenSSH_3.1p1 I have already done the following: Downloaded and extracted openssh-3.2.2p1.tar.gz Patched the client with ssh.diff (patch < ssh.diff) Compiled patched client ( ./configure && make ssh) Run the "patched" ssh (./ssh x.x.x.x) I am receiving the following output ./scanssh 172.16.51.23 [*] remote host supports ssh2 [*] server_user: root:skey [*] keyboard-interactive method available [x] bsdauth (skey) not available Permission denied (publickey,password,keyboard-interactive). I have not investigated any further, but don't feel comfortable calling the service "secured" without a little peer review. Do you have any tips on manipulating the method, style, repeats, chunk size, or connect-back shellcode repeat? Any ideas will be greatly appreciated. Thanks, and have a great day! -Jeremy
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- OpenSSH Jeremy Junginger (Sep 06)
- Re: OpenSSH Wojciech Pawlikowski (Sep 09)
- Re: OpenSSH Peter Bruderer (Sep 09)
- Re: OpenSSH Anthony D Cennami (Sep 11)