[ISN] No Known Vulnerabilities in SSH-1.2.26

From: mea culpa (jerichoat_private)
Date: Mon Nov 02 1998 - 21:11:29 PST

    http://www.ssh.fi/sshprotocols2/rootshell.html
    
    The Rootshell Deface
    No Known Vulnerabilities in SSH-1.2.26
    
    The Rootshell page (www.rootshell.com) was modified by hackers on October
    28th. 
    
    The server running the page had Secure Shell 1.2.26 and it is assumed that
    the entry was made via Secure Shell. 
    
    This assumption is based on the fact that no other service allowing
    connections was active. 
    
    SSH Communications Security also made an analysis of the problem. The
    analysis was made together with CERT and IBM Emergency Response Team
    (IBM-ERS) who originally reported a possibility of making an exploit. SSH
    code, exploit information and logs from these organizations were analyzed
    but no vulnerabilities were found. 
    
    In the analysis no buffer overflows nor any other security bugs in Secure
    Shell were found. The IBM analysis shows however that either the Linux
    operating system or GCC compiler may have a problem which manifests itself
    as a bug in Secure Shell. In any case, this is not a bug in Secure Shell
    itself. The results with Linux are also preliminary as IBM was not able to
    do the exploit with clean builds of Linux either. 
    
    Below please find messages to SSH users from Tatu Ylonen, the original
    author of Secure Shell and IBM Emergency Response team who analyzed the
    problem and give their results. 
    
    Nothing indicates that Secure Shell is not secure to use. However, all
    users of Secure Shell are, as always, advised to assure the secrecy of
    their passwords.  No security mechanism can protect the user if someone is
    able to get access to the password from a poorly stored note, a badly
    chosen password, etc. 
    
    SSH Communications Security will keep further analyzing the issue on Linux
    and will inform users immediately on this web site and on mailing lists
    once new information comes up. 
    