Re: security hole in sshd in oldstable?

To: Aldous Penaranda <adpenaranda@gmail.com>
Cc: debian-security@lists.debian.org, Petter Reinholdtsen <pere@hungry.com>
Subject: Re: security hole in sshd in oldstable?
From: Javier Fernández-Sanguino Peña <jfs@computer.org>
Date: Thu, 25 Aug 2005 00:58:41 +0200
Message-id: <[🔎] 20050824225841.GA12125@javifsp.no-ip.org>
In-reply-to: <[🔎] 87u0hfiqu4.fsf@recca.systemacorp>
References: <[🔎] 2fl3boztzqz.fsf@saruman.uio.no> <[🔎] 87u0hfiqu4.fsf@recca.systemacorp>

On Wed, Aug 24, 2005 at 06:14:59PM +0800, Aldous Penaranda wrote:
> On Wed, 24 Aug 2005 12:07:00 +0200, Petter Reinholdtsen wrote:
> 
> > Are there known security holes in sshd in oldstable (woody)?
> 
> A quick bug search gave me this:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196413
> 
> It's tagged security and wontfix for woody.
> 
> Maybe the cracker used this to find valid users and used bruteforce to
> guess a password to get in?

I haven't seen any rootkit toolkit add this into its arsenal (yet) so I 
would vote that the first server was cracked through a ssh bruteforce
attack, got local access and then rooted the box through a kernel hole.
That's the most common scenario from my experience, SSH scanning is
all too common these days.

Regards

Javier

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: security hole in sshd in oldstable?
  - From: Gaetano Zappulla <gaetano@linux.it>

References:
- security hole in sshd in oldstable?
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: security hole in sshd in oldstable?
  - From: Aldous Penaranda <adpenaranda@gmail.com>

Prev by Date: Ello!
Next by Date: Re: tripwire detected date changed on two binaries
Previous by thread: Re: security hole in sshd in oldstable?
Next by thread: Re: security hole in sshd in oldstable?
Index(es):
- Date
- Thread