This advisory from OpenSSH should help clear this up:
http://www.openssh.com/txt/preauth.adv

Linux and Solaris are vulnerable if they support logon via s/key (I don't know if this is a default or not), due to a bug in the ChallengeResponseAuthentication code. They _might_ be vulnerable to a bug in the PAMAuthenticationViaKbdInt code, however, this has not been confirmed, and AFAIK, there are no working exploits currently circulating (i.e. Gobbles didn't release code for Linux). Considering that the flaws are almost identical, the PAM bug is most likely exploitable.

-----Original Message-----
From: chris [mailto:chris@secure-packets.com]
Sent: Sunday, July 14, 2002 9:50 AM
To: pen-testat_private
Subject: OpenSSH (version < 3.4p1) && linux

It seems there is much debate on whether linux based hosts are vulnerable to the recent remote root exploit for OpenSSH. I have seen advisories for FreeBSD/NetBSD/OpenBSD but the two systems that I have most encountered in my tests are Linux and Solaris, though I can't find a proof of concept exploit for these systems. Any information would be greatly appreciated.

Thanx,
::chris

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 11:04:25 PDT
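
A configuration check for the two sshd_config options named in the reply above, as an added example that is not part of the original thread or of OpenSSH: it reports which of the two code paths is not explicitly disabled on a server older than 3.4. The function names, the sample banner and the sample config are constructed; an option that is absent is reported for review rather than assumed on or off.

```python
import re

# The two sshd_config keywords named in the reply (keywords are case-insensitive).
KEYWORDS = ("challengeresponseauthentication", "pamauthenticationviakbdint")

def effective_settings(config_text):
    """Return {keyword: value or None}. sshd uses the first value it reads."""
    found = dict.fromkeys(KEYWORDS)
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split()
        key = parts[0].lower()
        if key in found and found[key] is None and len(parts) > 1:
            found[key] = parts[1].lower()
    return found

def older_than_3_4(banner):
    """True/False for an 'OpenSSH_X.Y...' string, None if it cannot be parsed."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2))) < (3, 4)

def audit(banner, config_text):
    """List the options that leave a pre-3.4 server needing review."""
    old = older_than_3_4(banner)
    if old is False:
        return []  # 3.4 or later: outside the range in the thread's subject
    findings = ["version: could not parse banner"] if old is None else []
    for key, value in effective_settings(config_text).items():
        if value == "no":
            continue  # code path explicitly disabled
        state = value if value else "not set (compiled-in default applies)"
        findings.append(f"{key}: {state}")
    return findings

# Constructed sample input, not taken from any real host.
SAMPLE_BANNER = "SSH-1.99-OpenSSH_3.1p1"
SAMPLE_CONFIG = """\
# constructed example
Protocol 2
PAMAuthenticationViaKbdInt no
ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_BANNER, SAMPLE_CONFIG):
        print(finding)
```
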