From owner-freebsd-security Thu Jan 27 21:41: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vulcan.alphanet.ch (sitebco-home-5-17.urbanet.ch [194.38.85.209]) by hub.freebsd.org (Postfix) with ESMTP id 6035A158ED for ; Thu, 27 Jan 2000 21:40:55 -0800 (PST) (envelope-from schaefer@alphanet.ch)
Received: from localhost (schaefer@localhost) by vulcan.alphanet.ch (8.9.3/8.9.3) with ESMTP id GAA10338; Fri, 28 Jan 2000 06:40:50 +0100
Date: Fri, 28 Jan 2000 06:40:50 +0100 (MET)
From: Marc SCHAEFER
To: The Mad Scientist
Cc: freebsd-security@freebsd.org
Subject: Re: sshd and pop/ftponly users incorrect configuration
In-Reply-To: <4.1.20000127184450.0095b390@mail.thegrid.net>
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 27 Jan 2000, The Mad Scientist wrote:

> Thanks. So if I understand you correctly, if the user has no shell on the
> system, they will only be able to fake their ident, yes?

If they have an invalid shell, and sshd is running, and there is no DenyGroups directive, and the password is not locked, they can issue connections appearing from the attacked host, possibly bypassing logging (since those connections have IDENT == root), and possibly bypassing firewall rules.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
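
An audit for the combination of conditions listed in the reply above, as an added example that is not part of the original message: it reports accounts whose shell is not in the shells list, whose password is not locked, and which no DenyGroups pattern covers. The account, group and shell data are constructed samples passed in as strings, and treating a password field that starts with "*" or "!" as locked is an assumption of this example.

```python
from fnmatch import fnmatch

# Constructed sample data in master.passwd / group / shells layout.
MASTER_PASSWD = """\
root:$1$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$constructed$hash:1001:1001::0:0:Alice:/home/alice:/bin/sh
popuser:$1$constructed$hash:1002:2000::0:0:POP only:/nonexistent:/sbin/nologin
ftpuser:$1$constructed$hash:1003:2001::0:0:FTP only:/home/ftp:/nonexistent
locked:*LOCKED*$1$constructed$hash:1004:2000::0:0:Locked:/nonexistent:/sbin/nologin
"""
GROUP = """\
mailonly:*:2000:
ftponly:*:2001:
noshell:*:2002:ftpuser
"""
SHELLS = "# constructed /etc/shells\n/bin/sh\n/bin/csh\n"

def deny_groups(sshd_config):
    """Collect the group patterns of every DenyGroups line (keyword is case-insensitive)."""
    patterns = []
    for line in sshd_config.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() == "denygroups":
            patterns += words[1:]
    return patterns

def exposed_accounts(master_passwd, group, shells, sshd_config):
    """Users with an invalid shell, an unlocked password and no DenyGroups match."""
    valid = {s.strip() for s in shells.splitlines()
             if s.strip() and not s.lstrip().startswith("#")}
    gid_name, members = {}, {}
    for line in group.splitlines():
        name, _, gid, users = line.split(":")
        gid_name[gid] = name
        members[name] = set(filter(None, users.split(",")))
    denied = deny_groups(sshd_config)
    found = []
    for line in master_passwd.splitlines():
        f = line.split(":")
        user, pw, gid, shell = f[0], f[1], f[3], f[9]
        if shell in valid or pw.startswith(("*", "!")):  # assumption: locked marker
            continue
        groups = {g for g, m in members.items() if user in m}
        groups.add(gid_name.get(gid, gid))  # primary group counts as well
        if not any(fnmatch(g, p) for g in groups for p in denied):
            found.append(user)
    return found
```

It does not model AllowUsers, AllowGroups or DenyUsers, so an empty result means only that the DenyGroups condition from the reply is met for every such account.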