Bugtraq mailing list archives
bug in ssh allowing to be invissible
From: greg () LIGHTING ML ORG (Grzegorz Stelmaszek)
Date: Mon, 19 Apr 1999 15:30:20 +0200
Hi, Sorry, but maybe i'll resend this email (I was very sleepy while writing prev leter). Hi, I have just discoverd that there is a bug in sshd allowing ordinary user to be showed as not logged in while logged in. You should simply ssh to remote host and run command "bash". One that's not so good, is that you will not have the controlling terminal, but ... Look at this: --- debian:~# w 9:51pm up 10 min, 3 users, load average: 0.00, 0.02, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root tty1 9:41pm 12.00s 0.81s 0.63s ssh -l root tty2 9:44pm 6:30 0.22s 0.06s ppf root tty3 9:44pm 0.00s 0.26s 0.04s w debian:~# ssh -lgreg localhost /bin/bash greg@127.0.0.1's password: finger Login Name Tty Idle Login Time Office Office Phone root root *1 Apr 18 21:41 root root *2 6 Apr 18 21:44 root root *3 Apr 18 21:44 whoami greg --- This means that the potiential unprivialged user can use any account in the system (hacked or so), and it's possible that root will not know what is happening (or will know when it's too late ;-). Vulnerable: all known by me ssh versions (<=1.2.26) Solution: If this bug is as serious as i think i'll write a patch. Regards, Greg ******************************************************************************* * Grzegorz Stelmaszek * For my public PGP key finger * greg () lighting ml org * greg () lighting ml org * http://www.lighting.ml.org * ******************************
Current thread:
- Re: Plain text passwords--necessary Francisco M. Marzoa Alonso (Apr 16)
- <Possible follow-ups>
- Re: Plain text passwords--necessary Aleph One (Apr 16)
- Re: Plain text passwords--necessary Phillip Vandry (Apr 19)
- Corrected Linux 2.2.5 FIN/NULL/XMAS block patch Taral (Apr 19)
- Re: Corrected Linux 2.2.5 FIN/NULL/XMAS block patch Taral (Apr 20)
- Re: Plain text passwords--necessary Taral (Apr 19)
- Re: Plain text passwords--necessary Phillip Vandry (Apr 19)
- Re: Plain text passwords--necessary Trevor Schroeder (Apr 19)
- bug in ssh allowing to be invissible Grzegorz Stelmaszek (Apr 19)
- Re: bug in ssh allowing to be invissible Pete (Apr 20)
- Re: bug in ssh allowing to be invissible Joe Gross (Apr 20)
- NetBSD Security Advisory 1999-009 matthew green (Apr 20)
- Bash Bug Shadow (Apr 20)
- Re: Bash Bug Marc Lehmann (Apr 21)
- Re: Bash Bug Pavel Kankovsky (Apr 22)
- Re: Bash Bug Chet Ramey (Apr 22)
- L0pht Security Advisory: Cold Fusion App Server Weld Pond (Apr 21)
- Re: Plain text passwords--necessary Densin Roy. (Apr 19)
- Re: Plain text passwords--necessary Daniel Alex Finkelstein (Apr 19)