http://www.ssh.fi/sshprotocols2/rootshell.html The Rootshell Deface No Known Vulnerabilities in SSH-1.2.26 The Rootshell page (www.rootshell.com) was modified by hackers on October 28th. The server running the page had Secure Shell 1.2.26 and it is assumed that the entry was made via Secure Shell. This assumption is based on the fact that no other service allowing connections was active. SSH Communications Security also made an analysis of the problem. The analysis was made together with CERT and IBM Emergency Response Team (IBM-ERS) who originally reported a possibility of making an exploit. SSH code, exploit information and logs from these organizations were analyzed but no vulnerabilities were found. In the analysis no buffer overflows nor any other security bugs in Secure Shell were found. The IBM analysis shows however that either the Linux operating system or GCC compiler may have a problem which manifests itself as a bug in Secure Shell. In any case, this is not a bug in Secure Shell itself. The results with Linux are also preliminary as IBM was not able to do the exploit with clean builds of Linux either. Below please find messages to SSH users from Tatu Ylonen, the original author of Secure Shell and IBM Emergency Response team who analyzed the problem and give their results. Nothing indicates that Secure Shell is not secure to use. However, all users of Secure Shell are, as always, adviced to assure the secrecy of their passwords. No security mechanism can protect the user if someone is able to get access to the password from a poorly stored note, a badly chosen password, etc. SSH Communications Security will keep further analyzing the issue on Linux and will inform users immediately on this web site and on mailing lists once new information comes up. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:09:54 PDT