Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] ssh/x11 forwarding disclosure
From: Riley Hassell <riley () SPEAKEASY NET>
Date: Fri, 8 Sep 2000 18:37:36 -0700

Well, all you can do is deny service to users who login via ssh-agent.


mkdir /tmp/ssh-usernamehere
chmod 0407 /tmp/ssh-usernamehe

  Riley Hassell
  Network Security
  Speakeasy Network
  Phone : 206-728-9770x151
  Email : riley () speakeasy net

On Fri, 8 Sep 2000, Crist Clark wrote:

Riley Hassell wrote:

If you make a directory in /tmp called
ssh-username you can disable another users X-forwarding.

Lame isn't it.

Please specify which SSH you are talking about when claims like this
are made. This was also a problem with the original post that started
this discussion. With OpenSSH-2.1,

  $ ls -ld /tmp/ssh*
  drwx------  2 cclark  wheel  512 Sep  8 10:33 /tmp/ssh-kms30342

This does not work. I believe the naming is ssh-XXX[pid] where XXX
are randomly chosen from [A-Za-z] and [pid] is the spawned sshd's PID.
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.  If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited.  If you have received this
e-mail in error, please contact postmaster () globalstar com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]