[9209] in bugtraq

Re: SSH 1.x and 2.x Daemon

daemon@ATHENA.MIT.EDU (Alan Olsen)
Mon Jan 25 16:17:56 1999

Date: 	Sun, 24 Jan 1999 19:31:34 -0800
Reply-To: Alan Olsen <alan@CLUESERVER.ORG>
From: Alan Olsen <alan@CLUESERVER.ORG>
X-To:         KuRuPTioN <kuruption@CHA0S.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <000601be471c$aa26abb0$28b50318@noc.plfld1.nj.home.com>

At 05:06 PM 1/23/99 -0500, KuRuPTioN wrote:
>There seems to be incomplete code in the SSH daemon in both versions 1.2.27
>and 2.0.11 (only tested).  The bug simply allows users with expired
>accounts (in /etc/shadow) to continue to login even though other such
>services such as ftp and telnet deny access.  Here is the log using 1.2.27
>(but the same happens with 2.0.11).

Furthermore, if the account is disabled in /etc/passwd and a user logs in
via a public key, they are still allowed access.  (So just disabling a user
account is not enough anymore.  You have to look for uses of public keys as
well.)

This may not exist in the 2.x series (I have not tested it there), but it
does occur in the 1.2.x series.  (I have not tested the latest version on
this...)

I would verify the above before panicking, but I have seen it occur under one
such install of 1.2.x.  (I will have to look up the version.  The drive was
removed soon after due to hacker d00dz.)
---
|      Bill Clinton - Bringing back the Sixties one Nixon at a time!     |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|                                                  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|
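
Added example, not part of the original message or of SSH itself: a Python audit that lists accounts which are disabled, locked or expired yet still have a public-key file in place, the check the message says is needed in addition to disabling the account. The key-file paths, the '*'/'!' convention for a disabled password field, and the sample data are assumptions.

```python
import os
import time

# Assumed key-file locations: ~/.ssh/authorized_keys (SSH 1.x) and
# ~/.ssh2/authorization (SSH 2.x). Adjust to the daemon's configuration.
KEY_FILES = (".ssh/authorized_keys", ".ssh2/authorization")

def disabled_accounts(passwd_text, shadow_text, today=None):
    """Return {user: reason} for accounts that are disabled, locked or expired."""
    today = int(time.time() // 86400) if today is None else today
    reasons = {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        # Assumption: a passwd password field starting with '*' or '!' is disabled.
        if len(f) >= 7 and f[1][:1] in ("*", "!"):
            reasons[f[0]] = "disabled in passwd"
    for line in shadow_text.splitlines():
        f = line.split(":")
        if len(f) >= 8 and f[1][:1] in ("*", "!"):
            reasons[f[0]] = "locked in shadow"
        # Shadow field 8 is the account expiry date in days since 1970-01-01.
        elif len(f) >= 8 and f[7].isdigit() and int(f[7]) <= today:
            reasons[f[0]] = "expired in shadow"
    return reasons

def keys_still_usable(passwd_text, shadow_text, today=None, exists=os.path.isfile):
    """List (user, reason, key_path) where a disabled account still has a key file."""
    reasons = disabled_accounts(passwd_text, shadow_text, today)
    hits = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[0] in reasons:
            for rel in KEY_FILES:
                path = os.path.join(f[5], rel)  # f[5] is the home directory
                if exists(path):
                    hits.append((f[0], reasons[f[0]], path))
    return hits

# Constructed sample data, not taken from the thread.
SAMPLE_PASSWD = """alice:x:1001:1001::/home/alice:/bin/sh
bob:*:1002:1002::/home/bob:/bin/sh
carol:x:1003:1003::/home/carol:/bin/sh"""
SAMPLE_SHADOW = """alice:$1$constructed$hash:10600:0:99999:7::10615:
carol:$1$constructed$hash:10600:0:99999:7:::"""
SAMPLE_FILES = {"/home/%s/.ssh/authorized_keys" % u for u in ("alice", "bob", "carol")}

if __name__ == "__main__":
    print(keys_still_usable(SAMPLE_PASSWD, SAMPLE_SHADOW, 10616, SAMPLE_FILES.__contains__))
```

On a live host, pass the contents of /etc/passwd and /etc/shadow and leave `today` and `exists` at their defaults; every tuple returned is a key file to remove or review.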
