Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

potential exploit in SSH ?

  • 15-05-2002 8:11pm
    #1
    Hecate
    Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭


    One of the users of a box (FreeBSD 4.6-prerelease) I look after in college has informed me he was able to use ssh to gain root privelges on the server. Which was proved by logs.

    Unfortunately he's being very annoying and won't tell me or the other admin exactly how he did it.

    I know theres a bug in SSH1 that allows you to send arbitrary commands as the ssh daemon (ie: root), but this server is set to prefer SSH2.

    Anyone else heard anything about this ?


Comments

  • #2
    simpsons rule
    Closed Accounts Posts: 29 simpsons rule


    Originally posted by Hecate
    One of the users of a box (FreeBSD 4.6-prerelease) I look after in college has informed me he was able to use ssh to gain root privelges on the server. Which was proved by logs.
    maybe he was just logged in , in SSH and then did something completely and uttterly not to do with ssh. its always handy to be signed up to those bug reports mailing lists to keep on top of the changes .


  • #3
    Gerry
    Registered Users, Registered Users 2 Posts: 4,459 ✭✭✭Gerry


    Theres a root exploit if sshd is set to use the login program (UseLogin in sshd_config) but I didn't think it applied to freebsd login, just solaris and linux.


Advertisement