Security Incidents mailing list archives
Re: SSH2 Exploit?
From: jonz () NETRAIL NET (Jonathan A. Zdziarski)
Date: Fri, 11 Feb 2000 10:42:33 -0500
I know the latest qpopper has exploits which is why we use the pre-beta versions. I've since wrapped ssh to run from inetd, and prevented any connections outside of our network. Thank you, Jonathan A. Zdziarski Director - MIS NetRail, inc. 230 Peachtree St. Suite 1700 Atlanta, GA 30303 404-522-5400 x240
-----Original Message----- From: Thiago/c0nd0r [mailto:condor () sekure org] Sent: Friday, February 11, 2000 7:35 AM To: Jonathan A. Zdziarski Cc: incidents () lists securityfocus com Subject: Re: SSH2 Exploit? A friend of mine had the same problem. It was a linux box running SSH2 and a native POP server (the latest version). As it was complete erased, I was unable to recover further information. -condor www.sekure.org s e k u r e Portal Brasileiro de Seguranca www.securenet.com.br On Wed, 9 Feb 2000, Jonathan A. Zdziarski wrote:We recently had one of our remote logging servers compromised. It was totally locked down running only ssh2; all inet processes wereturned off.Unfortunately, they obliterated the disk so we were not able to get any information about how they exploited our machine, however since the only point of entry was SSH2, I'm very concerned about a possiblyvulnerabilityin the code. What is the general consensus of the 'mostsecure' version ofssh? 1.2.27? Thank you, Jonathan A. Zdziarski Director - MIS NetRail, inc. 230 Peachtree St. Suite 1700 Atlanta, GA 30303 404-522-5400 x240
Current thread:
- Re: Recent DDoS, (continued)
- Re: Recent DDoS Qmail Admin (Feb 09)
- Port 34545 jimwebb () EASYSTREET COM (Feb 09)
- Re: Recent DDoS MMS26 (Feb 09)
- Re: Recent DDoS Vanja Hrustic (Feb 09)
- Re: Recent DDoS (was Ping flood? Whats the point?) Kerry Baker (Feb 09)
- Re: Recent DDoS (was Ping flood? Whats the point?) Eivind Eklund (Feb 11)
- SSH2 Exploit? Jonathan A. Zdziarski (Feb 09)
- Re: SSH2 Exploit? Alexander Kiwerski (Feb 10)
- Re: SSH2 Exploit? Richard Trott (Feb 10)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Jonathan A. Zdziarski (Feb 11)
- Re: SSH2 Exploit? Thiago/c0nd0r (Feb 11)
- Re: SSH2 Exploit? Mike Tancsa (Feb 15)
- Re: SSH2 Exploit? //Stany (Feb 16)
- Re: SSH2 Exploit? sysadmin (Feb 16)
- AdForce hitting odd ports Rick Tortorella (Feb 11)
- UDP to 161 CL: Nelson, Jeff (Feb 10)
- Re: UDP to 161 Pavel Kankovsky (Feb 15)
- Re: UDP to 161 Ryan Russell (Feb 15)
- Re: UDP to 161 CyberPsychotic (Feb 16)
- Re: UDP to 161 Russell Fulton (Feb 15)