[10284] in bugtraq
bug in ssh allowing to be invisible
daemon@ATHENA.MIT.EDU (Grzegorz Stelmaszek)
Tue Apr 20 14:10:47 1999
Date: Mon, 19 Apr 1999 15:30:20 +0200
Reply-To: Grzegorz Stelmaszek <greg@LIGHTING.ML.ORG>
From: Grzegorz Stelmaszek <greg@LIGHTING.ML.ORG>
To: BUGTRAQ@NETSPACE.ORG
Hi,
Sorry, but maybe I'll resend this email (I was very sleepy while writing
prev letter).
Hi,
I have just discovered that there is a bug in sshd allowing an ordinary user
to be shown as not logged in while logged in. You should simply ssh to
remote host and run command "bash". One thing that's not so good is that you
will not have the controlling terminal, but ...
Look at this:
---
debian:~# w
9:51pm up 10 min, 3 users, load average: 0.00, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 9:41pm 12.00s 0.81s 0.63s ssh -l
root tty2 9:44pm 6:30 0.22s 0.06s ppf
root tty3 9:44pm 0.00s 0.26s 0.04s w
debian:~# ssh -lgreg localhost /bin/bash
greg@127.0.0.1's password:
finger
Login Name Tty Idle Login Time Office Office Phone
root root *1 Apr 18 21:41
root root *2 6 Apr 18 21:44
root root *3 Apr 18 21:44
whoami
greg
---
This means that the potential unprivileged user can use any account in
the system (hacked or so), and it's possible that root will not know what
is happening (or will know when it's too late ;-).
Vulnerable: all known by me ssh versions (<=1.2.26)
Solution: If this bug is as serious as I think I'll write a patch.
Regards,
Greg
*******************************************************************************
* Grzegorz Stelmaszek * For my public PGP key finger
* greg@lighting.ml.org * greg@lighting.ml.org
* http://www.lighting.ml.org *
******************************
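
A defender-side check for the condition shown in the message above, as an added example that is not part of the original post: it lists commands started directly by sshd that have no terminal and compares their owners against the login records that `w` and `finger` read. The sample `ps` and `who` text is constructed, the function names are hypothetical, and the `?` no-terminal marker and `sshd` process-name prefix are assumptions about Linux procps and the local sshd build.

```python
# Constructed sample of `ps -eo pid,ppid,user,tty,comm` (not from the original post).
SAMPLE_PS = """\
  PID  PPID USER     TT       COMMAND
    1     0 root     ?        init
  150     1 root     tty1     bash
  210     1 root     ?        sshd
  305   210 root     ?        sshd
  306   305 greg     ?        bash
  410   210 root     ?        sshd
  411   410 alice    pts/0    bash
"""
# Constructed sample of `who` output (the utmp view that w/finger rely on).
SAMPLE_WHO = """\
root     tty1         Apr 18 21:41
alice    pts/0        Apr 18 21:50 (10.0.0.5)
"""

def parse_ps(text):
    """Map pid -> process record, skipping the header line."""
    procs = {}
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        pid, ppid, user, tty, comm = line.split(None, 4)
        procs[int(pid)] = {"pid": int(pid), "ppid": int(ppid),
                           "user": user, "tty": tty, "comm": comm.strip()}
    return procs

def utmp_users(who_text):
    """Users that have at least one login record."""
    return {l.split()[0] for l in who_text.splitlines() if l.strip()}

def ttyless_ssh_sessions(ps_text, who_text):
    """Return (pid, user, command, user_has_login_record) for each non-sshd
    process whose parent is sshd and which has no controlling terminal."""
    procs, logged_in = parse_ps(ps_text), utmp_users(who_text)
    hits = []
    for p in procs.values():
        parent = procs.get(p["ppid"])
        if parent is None or not parent["comm"].startswith("sshd"):
            continue                      # not spawned by sshd
        if p["comm"].startswith("sshd") or p["tty"] != "?":
            continue                      # sshd's own child, or a normal pty login
        hits.append((p["pid"], p["user"], p["comm"], p["user"] in logged_in))
    return hits

if __name__ == "__main__":
    for pid, user, comm, seen in ttyless_ssh_sessions(SAMPLE_PS, SAMPLE_WHO):
        print(f"pid={pid} user={user} cmd={comm} in_login_records={seen}")
```

On a live host, feed the functions the output of the same `ps` invocation and of `who`; a hit whose last field is false is a session that `w` and `finger` do not report.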