Date: Sat, 14 Nov 1998 20:45:56 -0500 (EST)
From: Steve Hovey <shovey@buffnet.net>
To: Chris Johnson <cjohnson@palomine.net>
Cc: questions@FreeBSD.ORG
Subject: Re: ssh/sshd questions
Message-ID: <Pine.BSI.3.95.981114204522.4762Y-100000@buffnet11.buffnet.net>
In-Reply-To: <19981114193750.A27767@palomine.net>

Oh be calm. I work in a very busy shop, and I obtained a very uneasy
feeling and related it.. it's not like I just tried to tattoo it on your
butt or something.

On Sat, 14 Nov 1998, Chris Johnson wrote:

> On Fri, 13 Nov 1998, Steve Hovey wrote:
> > All I know is about a year ago, the day after I installed it [ssh], I
> > suffered a root incursion.
>
> Oh, please. And the day after I ate a pastrami sandwich on rye with mustard my
> wife got pregnant.
>
> Just because two things are true, you can't conclude that one caused the other.
> Maybe there were exploits against sshd a year ago, but unless you have more
> evidence than you've stated above, you shouldn't be suggesting to people that
> your root incursion was allowed by ssh. Vague suspicions based on no evidence
> should be kept to oneself.
>
> As for the rootshell.com thing, the following two things are known:
>
> 1. www.rootshell.com was cracked, and the cracker gained access through ssh.
> 2. There are possible buffer overflows in the Kerberos code in ssh. Nobody has
> shown that he can exploit these overflows to gain root access, and in any case
> it would be very difficult to do, if it's even possible at all.
>
> From the above two pieces of data, many people have concluded that rootshell
> was compromised through an exploit against the Kerberos code in ssh. This may
> be true, but the conclusion can not be drawn from the above, which seems to be
> all that is publicly known. Another plausible explanation is that the cracker
> knew the root password and simply logged in via ssh. "Gained access via ssh" is
> not the same thing as "gained access by exploiting a buffer overflow in ssh."
> The rootshell people themselves have never said that the break-in was caused by
> an ssh security hole.
>
> I'm not defending ssh; for all I know it's a seething mass of exploitable
> buffer overflows. But people have been drawing all kinds of unfounded
> conclusions about it out of thin air, and I wish that people would stop
> spreading this misinformation as if they knew what they were talking about.
>
> Chris Johnson
>
> >
> >
> > On Thu, 12 Nov 1998, Willow wrote:
> >
> > > I just installed ssh/sshd from 2.2.7 ports, and seem to remember a
> > > security announcement regarding it. Does anyone remember such an
> > > announcement?
> > >
> > > Also where is the best place to look for FreeBSD related security
> > > announcements that have been posted to freebsd-security and
> > > freebsd-security-notifications?
> > >
> > >
> > > --
> > > Willow <willow@tds.edu>
> > > http://www.tds.edu/~willow
> > > icq: 19051309 (office)
> > > icq: 22034399 (home)
> > > --
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> > >
> >
> > - ------------------------------------------------------------------
> > Steve Hovey
> > Chief Network Administrator
> > BuffNET More Than Just a Connection!
> > - ------------------------------------------------------------------
>

------------------------------------------------------------------
Steve Hovey
Chief Network Administrator
BuffNET More Than Just a Connection!
------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message