[ale] URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0 (fwd)

Jonathan Rickman jonathan at xcorps.net
Fri Jul 20 21:38:56 EDT 2001


Should have read further...

Some stock machines which have default locked accounts
running SSH Secure Shell 3.0 are vulnerable to
arbitrary logins.  This is a serious problem with
Solaris, for example, which uses the sequence "NP" to
indicate locked administrative accounts such as "lp",
"adm", "bin" etc.  Some Linux machines which have
accounts with !! in the /etc/passwd or /etc/shadow such
as xfs or gdm are also vulnerable. Since it is relatively
easy to become root after gaining access to certain
accounts, we consider this a potential root exploit.


-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

On Fri, 20 Jul 2001, Fulton Green wrote:

> Gee, I would have figured any accounts using passwords <= 2 chars. long would
> be vulnerable over *any* secure protocol. ;-)
>
> On Fri, Jul 20, 2001 at 08:53:20PM -0400, Jonathan Rickman wrote:
> > Most of you probably use OpenSSH but I know a few on this list who use the
> > commercial product.
> ...
> > A potential remote root exploit has been discovered
> > in SSH Secure Shell 3.0.0, for Unix only, concerning
> > accounts with password fields consisting of two or
> > fewer characters. Unauthorized users could potentially
>
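
An added example, not part of the original messages or the vendor advisory: a Python check that lists the accounts whose password field meets the condition quoted above (two or fewer characters, such as "NP" or "!!"). The sample data is constructed, and the function name and the separate reporting of empty fields are assumptions made here.

```python
import sys

# Constructed sample in /etc/shadow layout (name:password:...); not real data.
SAMPLE_SHADOW = """\
root:$1$constructed$0123456789abcdefghijkl:11523:0:99999:7:::
lp:NP:6445::::::
adm:NP:6445::::::
xfs:!!:11523:0:99999:7:::
gdm:!!:11523:0:99999:7:::
nobody:*:11523:0:99999:7:::
daemon:*LK*:6445::::::
guest::11523:0:99999:7:::

# comment line
broken-line-without-fields
"""


def audit_password_fields(text, max_len=2, ignore=()):
    """Classify accounts by the length of their password field.

    "short": (account, field) pairs with 1..max_len characters, the case
             the advisory describes.
    "empty": accounts with no password field content at all.
    `ignore` lists field values to skip, e.g. ("x",) when scanning
    /etc/passwd on a system that keeps the real field in /etc/shadow.
    """
    result = {"short": [], "empty": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue  # malformed entry, nothing to inspect
        name, field = parts[0], parts[1]
        if field in ignore:
            continue
        if field == "":
            result["empty"].append(name)
        elif len(field) <= max_len:
            result["short"].append((name, field))
    return result


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SHADOW
    for account, field in audit_password_fields(data)["short"]:
        print(f"{account}: password field {field!r} has <= 2 characters")
```

Longer lock markers such as `*LK*` fall outside the condition and are not listed.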
