
Re: Probable SSH Vulnerability



On Tue, Jun 17, 2003 at 11:41:20PM +0200, Florian Weimer wrote:
> 
> Anyway, I just wanted to make sure that you investigate other
> weaknesses than the SSH1 implementation.  It's my gut feeling based on
> the facts you have mentioned that another explanation is far more
> likely.

Certainly, we have to (once we have fully restored all systems) do some
investigating to isolate the single point of failure that allowed this
crack, whether it be some other software exploit which led to
compromised keys or whether it's a problem with the woody version of
SSH.  The biggest contributing factors leading us to believe that
the exploit is in SSH are: server X was only running (and only allowing
through the firewall) SSH, server Y wasn't using fallback to protocol
1, and after upgrading the version of SSH no more servers were
compromised.

Thanks,
Tim


