Date:      Sat, 14 Nov 1998 19:37:50 -0500
From:      Chris Johnson <cjohnson@palomine.net>
To:        questions@FreeBSD.ORG, shovey@buffnet.net
Subject:   Re: ssh/sshd questions
Message-ID:  <19981114193750.A27767@palomine.net>
In-Reply-To: <199811131442.GAA13869@hub.freebsd.org>; from questions-digest on Fri, Nov 13, 1998 at 06:42:59AM -0800
References:  <199811131442.GAA13869@hub.freebsd.org>

On Fri, 13 Nov 1998, Steve Hovey wrote:
> All I know is about a year ago, the day after I installed it [ssh], I
> suffered a root incursion.  

Oh, please. And the day after I ate a pastrami sandwich on rye with mustard my
wife got pregnant.

Just because two things are true, you can't conclude that one caused the other.
Maybe there were exploits against sshd a year ago, but unless you have more
evidence than you've stated above, you shouldn't be suggesting to people that
your root incursion was allowed by ssh. Vague suspicions based on no evidence
should be kept to oneself.

As for the rootshell.com thing, the following two things are known:

1. www.rootshell.com was cracked, and the cracker gained access through ssh.
2. There are possible buffer overflows in the Kerberos code in ssh. Nobody has
shown that he can exploit these overflows to gain root access, and in any case
it would be very difficult to do, if it's even possible at all.

From the above two pieces of data, many people have concluded that rootshell
was compromised through an exploit against the Kerberos code in ssh. This may
be true, but the conclusion cannot be drawn from the above, which seems to be
all that is publicly known. Another plausible explanation is that the cracker
knew the root password and simply logged in via ssh. "Gained access via ssh" is
not the same thing as "gained access by exploiting a buffer overflow in ssh."
The rootshell people themselves have never said that the break-in was caused by
an ssh security hole.

I'm not defending ssh; for all I know it's a seething mass of exploitable
buffer overflows. But people have been drawing all kinds of unfounded
conclusions about it out of thin air, and I wish that people would stop
spreading this misinformation as if they knew what they were talking about.

Chris Johnson

> 
> 
> On Thu, 12 Nov 1998, Willow wrote:
> 
> > I just installed ssh/sshd from 2.2.7 ports, and seem to remember a
> > security announcement regarding it.  Does anyone remember such an
> > announcement?  
> > 
> > Also where is the best place to look for FreeBSD related security
> > announcements that have been posted to freebsd-security and
> > freebsd-security-notifications?
> > 
> > 
> > -- 
> > Willow <willow@tds.edu>
> > http://www.tds.edu/~willow
> > icq: 19051309 (office)
> > icq: 22034399 (home)
> > --
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> > 
> 
> - ------------------------------------------------------------------
> Steve Hovey
> Chief Network Administrator
> BuffNET		More Than Just a Connection!
> - ------------------------------------------------------------------
