Re: security hole in sshd in oldstable?

On Wed, Aug 24, 2005 at 06:14:59PM +0800, Aldous Penaranda wrote:
> On Wed, 24 Aug 2005 12:07:00 +0200, Petter Reinholdtsen wrote:
> > Are there known security holes in sshd in oldstable (woody)?
> A quick bug search gave me this:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196413
> It's tagged security and wontfix for woody.
> Maybe the cracker used this to find valid users and used brute force to
> guess a password to get in?

I haven't seen any rootkit toolkit add this into its arsenal (yet), so I
would vote that the first server was cracked through an SSH brute-force
attack, got local access and then rooted the box through a kernel hole.
That's the most common scenario in my experience; SSH scanning is
all too common these days.



