Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: SSH/OPENSSH HOLE ALL VERSIONS.

Re: SSH/OPENSSH HOLE ALL VERSIONS.

From: aeonflux <aeonflux_at_aeonflux.no-ip.com>
Date: Sat, 8 Mar 2003 23:38:33 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 04 March 2003 6:18 pm, diacetyl_at_hushmail.com wrote:
> The ssh command contains an innate system of backdooring that can be
> levereged by an attacker to gain the access of another user.
>
> The crux of this problem lies in the face that any public key dropped to
> ~/.ssh/authorized_keys may be used to gain entry to the machine under the
> priveledges of that user by he who posesses the corresponding private key.

Duh...... this is not a flaw. However, this advisory appears to be a
joke.... more then likely the work of the evil gobbles :-)

in particular ....

V. PROPS

iDEFENSE for their elite file advisory
http://lists.netsys.com/pipermail/full-disclosure/2003-March/004423.html
these warriors of full-disclosure give me the courage to release this
vulnerability even after death threats from evil blackhats who shut off
my power, ruined my credit, and got me fired from my job.

Hahaha.... ;-)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+arc81mDajpZ9rHwRAkbuAKCXbKGDc8B7b+v5KbzRTXR3fdskuACfdq08
xgbr4jrXVUnCa9FaSpQ5dNc=
=JmZR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Mar 09 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos