Bugtraq mailing list archives
Re: SSH 1.x and 2.x Daemon
From: jbourne () AFFINITY-SYSTEMS AB CA (Jim Bourne)
Date: Mon, 25 Jan 1999 14:24:00 -0700
On Sat, 23 Jan 1999, KuRuPTioN wrote:
There seems to be incomplete code in the SSH daemon in both versions 1.2.27 and 2.0.11 (only tested). The bug simply allows users with expired accounts (in /etc/shadow) to continue to login even though other such services such as ftp and telnet deny access. Here is the log using 1.2.27 (but the same happens with 2.0.11).
Hi, I had emailed them about this and here is the response:
________________
From kivinen () ssh fi Mon Jan 25 14:14:45 1998
Date: Tue, 7 Jul 1998 22:38:08 +0300 (EET DST)
From: Tero Kivinen <kivinen () ssh fi>
To: Jim Bourne <jbourne () island net>
Subject: ssh on linux

Jim Bourne writes:
I've been playing with SSH on my home system, and found a problem with compiling it under Linux 2.0.33 (redhat 4.2 in this case). Since shadow support can be turned on fairly easily (pwconv5) and the struct spwd does include shadow aging and expiry information, I thought it would be better to have these turned on when using autoconf.
Linux shadow password maintainer said earlier that we must turn off shadow password checking and always use the shadow password functions, just so that you can turn shadow password on later. Currently the configure.in checks that if we are in linux and we have getspnam function then we turn shadow password on always, and otherwise we don't turn it on. So I didn't remove that no_shadows_password_checking=yes line from the configure.

[snip]

--
kivinen () iki fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
----------------------

They do know that it does work under Linux and choose to leave it out.
Any solutions (patch?) to this problem would be appreciated. Currently I just run a shell script to change the user's shell to deny them, but this shouldn't be necessary since this is one of the listed features of the Shadow Utilities.
I have attached a patch that simply checks for the presence of shadow passwords and sets the appropriate defines. It does work on Linux 2.0.37pre and redhat 5.1/5.2. You will have to have autoconf and re-run it to build a new configure script.

Regards
Jim
Thanks. Raymond T Sundland
--
James Bourne | Email: jbourne () affinity-systems ab ca
Affinity Systems Inc. | WWW: http://www.affinity-systems.ab.ca
Everything Unix | Linux: The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration

[Attachment: ssh-1.2.26-expiry.patch (Expiry Patch)]
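The thread turns on the aging and expiry fields that `struct spwd` carries and that a login service has to evaluate itself. The following is an added example, not the attached patch and not ssh code: the function and enum names are hypothetical, the field semantics follow shadow(5), and empty fields are assumed to arrive from `getspnam()` as -1.

```c
#include <shadow.h>
#include <stdio.h>
#include <time.h>

/* Result of the check (illustrative names, not from ssh or the patch). */
enum acct_status { ACCT_OK, ACCT_EXPIRED, PASS_CHANGE_REQUIRED, PASS_INACTIVE };

/* Evaluate a shadow entry against `today`; both count days since
 * 1970-01-01. getspnam() returns -1 for empty numeric fields. */
enum acct_status check_shadow_aging(const struct spwd *sp, long today)
{
    /* Account expiry date reached: deny even if the password is correct. */
    if (sp->sp_expire != -1 && today >= sp->sp_expire)
        return ACCT_EXPIRED;
    /* A last-change value of 0 forces a password change at next login. */
    if (sp->sp_lstchg == 0)
        return PASS_CHANGE_REQUIRED;
    /* No last-change date or no maximum age: aging is not in effect. */
    if (sp->sp_lstchg < 0 || sp->sp_max == -1)
        return ACCT_OK;
    long age = today - sp->sp_lstchg;
    if (age <= sp->sp_max)
        return ACCT_OK;
    /* Past the maximum age; once the inactivity period has also run out
     * the login is refused instead of prompting for a new password. */
    if (sp->sp_inact != -1 && age > sp->sp_max + sp->sp_inact)
        return PASS_INACTIVE;
    return PASS_CHANGE_REQUIRED;
}

/* Build a constructed entry from the four aging fields and check it. */
enum acct_status check_fields(long lstchg, long max, long inact,
                              long expire, long today)
{
    struct spwd sp = { .sp_namp = "demo", .sp_pwdp = "x", .sp_lstchg = lstchg,
                       .sp_min = 0, .sp_max = max, .sp_warn = 7,
                       .sp_inact = inact, .sp_expire = expire };
    return check_shadow_aging(&sp, today);
}

int main(int argc, char **argv)
{
    /* Constructed sample: account expiry set to day 10000, checked on 10616. */
    printf("constructed entry: %d\n", check_fields(10500, 99999, -1, 10000, 10616));
    /* Real lookup; getspnam() normally needs root to read /etc/shadow. */
    struct spwd *sp = argc > 1 ? getspnam(argv[1]) : NULL;
    if (sp != NULL)
        printf("%s: %d\n", argv[1], check_shadow_aging(sp, (long)(time(NULL) / 86400)));
    return 0;
}
```

A service that authenticates only against `sp_pwdp` and skips a check of this kind accepts a correct password for an account whose `sp_expire` date has passed, which is the behaviour reported at the top of the thread.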