Date:      Mon, 26 Mar 2001 16:08:46 -0300
From:      "Duwde (Fabio V. Dias)" <duwde@duwde.com.br>
To:        security-officer@FreeBSD.org, freebsd-security@freebsd.org
Subject:   SSHD revealing too much information.
Message-ID:  <3ABF93BE.A855334@duwde.com.br>

To the FreeBSD Security Officer & FreeBSD Security List.
(Please reply, if needed, to my email too)

I've already posted this at FreeBSD-stable@freebsd.org but it
seems some people haven't agreed on this issue, so I'm posting
this here, as it's security related.

As of 2001/03/22 we have :  (and it's still on 4.x-stable of today,
4.3-RC)

--
bash-2.04$ cat /usr/src/crypto/openssh/version.h 
/* $FreeBSD: src/crypto/openssh/version.h,v 1.1.1.1.2.4 2001/03/22 00:30:56 green Exp $ */
/* $OpenBSD: version.h,v 1.13 2000/10/16 09:38:45 djm Exp $ */

#define SSH_VERSION	"OpenSSH_2.3.0 green@FreeBSD.org 20010321"
bash-2.04$ 
--

It seems some fixes have been made on OpenSSH 2.3.0 or so, and the string
"green@FreeBSD.org 20010321" has been added to SSH_VERSION. The problem
is that this is used in the initial SSHD login procedure:

--
bash-2.04$ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
--

So as SSHD is a daemon USUALLY enabled to the whole internet,
anyone can find out what OS (FreeBSD), and what SSHD *cvsuped*
version is running. As well as if it has been fixed or NOT.

So targeting attacks to unfixed SSHDs running FreeBSD would be
made easier, as well as any other attacks in the future, 'cause
there will be no doubt of what OS the host is running. (plus
a good idea of its version, using the 20010321 string)

Btw, there is no need to let anyone know if the SSHD is fixed
or NOT, nor the OS version, and SSHD exact modification date
by the FreeBSD team. Is there?

Please let me know if I'm missing something...

-- 
Fabio Vilan Dias / Duwde <duwde@duwde.com.br>
PGP key @ http://www.duwde.com.br/duwdepgp.asc
FP = BB35 50F2 7F83 655D  6B11 F0A2 F8E2 FF3D
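
An added example, not part of the original message: a Python check that splits an SSH identification line into protocol version, software version and trailing comment, and reports what the comment discloses, for auditing the banner of a server you run. The regular expressions and the OS name list are assumptions chosen for illustration; the first sample line is the banner quoted in the message, the second is constructed.

```python
import re

# Identification line layout: "SSH-<protoversion>-<softwareversion>[ <comments>]"
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)
# Heuristics for what the free-form comment gives away (illustrative, not exhaustive).
CHECKS = {
    "os": re.compile(r"\b(?:FreeBSD|OpenBSD|NetBSD|Linux|Debian|Ubuntu)\b", re.I),
    "date": re.compile(r"\b(?:19|20)\d{2}(?:0[1-9]|1[0-2])(?:0[1-9]|[12]\d|3[01])\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w.-]+\b"),
}


def audit_banner(line):
    """Parse one identification line and list what its comment field discloses."""
    match = BANNER_RE.match(line.rstrip("\r\n"))
    if match is None:
        raise ValueError("not an SSH identification line: %r" % line)
    comments = match.group("comments") or ""
    findings = {}
    for name, pattern in CHECKS.items():
        hit = pattern.search(comments)
        if hit:
            findings[name] = hit.group(0)
    return {
        "proto": match.group("proto"),
        "software": match.group("software"),
        "comments": comments,
        "findings": findings,
    }


SAMPLES = [
    "SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321\n",  # banner quoted in the message
    "SSH-1.5-OpenSSH_2.3.0\n",                             # constructed: no comment field
]

if __name__ == "__main__":
    for sample in SAMPLES:
        report = audit_banner(sample)
        status = "DISCLOSES" if report["findings"] else "ok"
        print(status, report["software"], report["findings"])
```

The software version itself is still visible in both samples; the check only covers what the extra comment adds on top of it.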
