From owner-freebsd-questions Sat Nov 14 17:46:40 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA08024 for freebsd-questions-outgoing; Sat, 14 Nov 1998 17:46:40 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from buffnet4.buffnet.net (buffnet4.buffnet.net [205.246.19.13]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA08019 for ; Sat, 14 Nov 1998 17:46:39 -0800 (PST) (envelope-from shovey@buffnet.net)
Received: from buffnet11.buffnet.net (buffnet11.buffnet.net [205.246.19.55]) by buffnet4.buffnet.net (8.8.7/8.7.3) with SMTP id UAA28345; Sat, 14 Nov 1998 20:46:04 -0500 (EST)
Date: Sat, 14 Nov 1998 20:45:56 -0500 (EST)
From: Steve Hovey
To: Chris Johnson
cc: questions@FreeBSD.ORG
Subject: Re: ssh/sshd questions
In-Reply-To: <19981114193750.A27767@palomine.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Oh be calm. I work in a very busy shop, and I obtained a very uneasy
feeling and related it.. it's not like I just tried to tattoo it on your
butt or something.

On Sat, 14 Nov 1998, Chris Johnson wrote:

> On Fri, 13 Nov 1998, Steve Hovey wrote:
> > All I know is about a year ago, the day after I installed it [ssh], I
> > suffered a root incursion.
>
> Oh, please. And the day after I ate a pastrami sandwich on rye with mustard my
> wife got pregnant.
>
> Just because two things are true, you can't conclude that one caused the other.
> Maybe there were exploits against sshd a year ago, but unless you have more
> evidence than you've stated above, you shouldn't be suggesting to people that
> your root incursion was allowed by ssh. Vague suspicions based on no evidence
> should be kept to oneself.
>
> As for the rootshell.com thing, the following two things are known:
>
> 1. www.rootshell.com was cracked, and the cracker gained access through ssh.
> 2. There are possible buffer overflows in the Kerberos code in ssh. Nobody has
> shown that he can exploit these overflows to gain root access, and in any case
> it would be very difficult to do, if it's even possible at all.
>
> From the above two pieces of data, many people have concluded that rootshell
> was compromised through an exploit against the Kerberos code in ssh. This may
> be true, but the conclusion can not be drawn from the above, which seems to be
> all that is publicly known. Another plausible explanation is that the cracker
> knew the root password and simply logged in via ssh. "Gained access via ssh" is
> not the same thing as "gained access by exploiting a buffer overflow in ssh."
> The rootshell people themselves have never said that the break-in was caused by
> an ssh security hole.
>
> I'm not defending ssh; for all I know it's a seething mass of exploitable
> buffer overflows. But people have been drawing all kinds of unfounded
> conclusions about it out of thin air, and I wish that people would stop
> spreading this misinformation as if they knew what they were talking about.
>
> Chris Johnson
>
> >
> > On Thu, 12 Nov 1998, Willow wrote:
> >
> > > I just installed ssh/sshd from 2.2.7 ports, and seem to remember a
> > > security announcement regarding it. Does anyone remember such an
> > > announcement?
> > >
> > > Also where is the best place to look for FreeBSD related security
> > > announcements that have been posted to freebsd-security and
> > > freebsd-security-notifications?
> > >
> > >
> > > --
> > > Willow
> > > http://www.tds.edu/~willow
> > > icq: 19051309 (office)
> > > icq: 22034399 (home)
> > > --
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> > >
> >
> > - ------------------------------------------------------------------
> > Steve Hovey
> > Chief Network Administrator
> > BuffNET More Than Just a Connection!
> > - ------------------------------------------------------------------
>

------------------------------------------------------------------
Steve Hovey
Chief Network Administrator
BuffNET More Than Just a Connection!
------------------------------------------------------------------