my fault... ssh_xmalloc() was from another distribution... on the other hand,
3.0.1p1 has problems with sftp. you want details?! ok...
sftp does not log to utmp the way any decent ftp would, so a "skript
kiddiot" who has sniffed a pop3 password can have full access to the
system without the admin in question seeing him, plus sftp does not run
chrooted (http://archives.neohapsis.com/archives/sf/linux/2001-q4/0260.html).
Did Theo de Raadt want a backdoor?!
halfdead@cannabis:~$ telnet 0 22
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.0.1p1
Protocol mismatch.
Connection closed by foreign host.
halfdead@cannabis:~$
root@cannabis:~# adduser
Login name for new user []: sftpuser
User id for sftpuser [ defaults to next available]:
Initial group for sftpuser [users]:
Additional groups for sftpuser (seperated
with commas, no spaces) []:
sftpuser's home directory [/home/sftpuser]:
sftpuser's shell [/bin/bash]:
sftpuser's account expiry date (YYYY-MM-DD) []:
OK, I'm about to make a new account. Here's what you entered so far:
New login name: sftpuser
New UID: [Next available]
Initial group: users
Additional groups: [none]
Home directory: /home/sftpuser
Shell: /bin/bash
Expiry date: [no expiration]
This is it... if you want to bail out, hit Control-C. Otherwise, press
ENTER to go ahead and make the account.
Making new account...
Changing the user information for sftpuser
Enter the new value, or press return for the default
Full Name []: sftpuser
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Changing password for sftpuser
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
Password changed.
Done...
root@cannabis:~# last sftpuser
wtmp begins Mon Sep 24 15:40:25 2001
root@cannabis:~# sftp sftpuser@localhost
Connecting to localhost...
sftpuser@localhost's password:
sftp> cd /etc
sftp> get passwd
Fetching /etc/passwd to passwd
sftp> QUIT
root@cannabis:~# last sftpuser
wtmp begins Mon Sep 24 15:40:25 2001
root@cannabis:~#
q.e.d.
ps - I'm not making the vulnerability public yet...
Andrei Bozeanu
Network and Security Administrator - B&A Trading ISP
[EMAIL PROTECTED]
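
The gap shown in the session above (a successful SSH/sftp authentication that leaves no wtmp record) can be checked for by correlating sshd's syslog lines with `last` output. This is an added example, not part of the original post: the log lines, the `last` rows, the function name logins_missing_from_wtmp and the two-minute matching window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not taken from the original post).
AUTH_LOG = """\
Sep 24 15:41:02 cannabis sshd[1201]: Accepted password for sftpuser from 127.0.0.1 port 1025 ssh2
Sep 24 16:10:30 cannabis sshd[1310]: Accepted password for alice from 10.0.0.5 port 1044 ssh2
Sep 24 16:12:00 cannabis sshd[1322]: Failed password for bob from 10.0.0.9 port 1050 ssh2
"""
LAST_OUTPUT = """\
alice    pts/1        10.0.0.5         Mon Sep 24 16:10 - 16:40  (00:30)

wtmp begins Mon Sep 24 15:40:25 2001
"""

# sshd "Accepted <method> for <user> from <host> port <n>" syslog line.
ACCEPTED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                      r"Accepted (\S+) for (\S+) from (\S+) port \d+")
# `last` row: user, tty, host, weekday, then "Mon DD HH:MM" login time.
LAST_ROW = re.compile(r"^(\S+)\s+\S+\s+\S+\s+\w{3} (\w{3}\s+\d+ \d\d:\d\d)\b")

def _ts(text, fmt, year):
    # Neither syslog nor `last` rows carry a year, so it is supplied.
    return datetime.strptime(f"{year} {text}", "%Y " + fmt)

def logins_missing_from_wtmp(auth_log, last_output, year=2001,
                             slack=timedelta(minutes=2)):
    """Return (user, source, time) for accepted logins with no wtmp row."""
    recorded = []
    for line in last_output.splitlines():
        m = LAST_ROW.match(line)
        if m:
            recorded.append((m.group(1), _ts(m.group(2), "%b %d %H:%M", year)))
    missing = []
    for line in auth_log.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and unrelated lines are skipped
        when = _ts(m.group(1), "%b %d %H:%M:%S", year)
        user, src = m.group(3), m.group(4)
        # `last` commonly truncates names to 8 characters, so compare on that.
        if not any(u == user[:8] and abs(t - when) <= slack
                   for u, t in recorded):
            missing.append((user, src, when))
    return missing

if __name__ == "__main__":
    for user, src, when in logins_missing_from_wtmp(AUTH_LOG, LAST_OUTPUT):
        print(f"no wtmp record: {user} from {src} at {when}")
```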