RE: !SPAM! Automated ssh scanning

[Ron DuFresne <dufresne () winternet com>]

On Thu, 26 Aug 2004, Stephen Agar wrote:

> I think many of you are missing the point. Yes the guest/guest account is
> weak, but this kernel is (according to debian) patched..therefore free from
> local exploits that can be used to gain superuser access. I mean if this
> were the case, then any box that ran this version of debian to do something
> like "web hosting" that gave users shell access, may as well give them all
> full sudo. Because you people are assuming that if someone can gain access
> to the box, secured or not, they can gain root..i disagree.


The issue here is why does debain include such a weak account,m thaqt has
not been tamed via a very restricted chroot env!?

> I feel totally confident that if you gain access to my FreeBSD 4.10 box with
> an unpriveleged account (not that you will, of course) then you will remain
> an "unpriveleged user" no local root exploit....no worries.


As Barry pointed to directly, it all depends upon what you make available
to your clients once in a shell.  It;s very likely your server would be as
exploitable as most 'default' installs with the kitchen sink dropped in.
Perhaps not, but likely, depending upon what you 'installed and allow
clients access to'.

Thanks,

Ron DuFresne

> --stephen
>
> > -----Original Message-----
> > From: full-disclosure-admin () lists netsys com
> > [mailto:full-disclosure-admin () lists netsys com] On Behalf Of
> > Todd Towles
> > Sent: Thursday, August 26, 2004 8:12 AM
> > To: Richard Verwayen; FD
> > Subject: RE: !SPAM! [Full-disclosure] Automated ssh scanning
> >
> >  The kernel could be save. But with weak passwords, you are
> > toast. Any automated tool would test guest/guest.
> >
> > -----Original Message-----
> > From: full-disclosure-admin () lists netsys com
> > [mailto:full-disclosure-admin () lists netsys com] On Behalf Of
> > Richard Verwayen
> > Sent: Thursday, August 26, 2004 6:08 AM
> > To: 'FD'
> > Subject: RE: !SPAM! [Full-disclosure] Automated ssh scanning
> >
> > On Thu, 2004-08-26 at 11:47, Yaakov Yehudi wrote:
> > > In spite of many reports to the contrary, Linux is _not_ secure by
> > default.
> > > Did you harden it?  There is a lot of documentation on the
> > web as to
> > > how to go about it.
> > >
> > > YY
> > Hello Yaakov,
> >
> > This system was a pure debian woody none-production one with
> > all services disabled - just ssh was left open in order to
> > see for what purpose the scan was! Yes, there was a guest
> > account with a weak passwort (guest) on it!
> > And yes, they logged in and became root in no time. But I
> > thought the kernel compiled from the latest debian woody
> > kernel-source could be considered to be save. But I was
> > wrong! So I posted the tools used by the attackers to this
> > list and also to the debian security team.
> >
> > Richard
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html