NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Mandrake Linux> 2003-q2

Re: [discuss] SSH vulnerability still there

From: Buchan Milne (bgmilnecae.co.za)
Date: Wed Jun 11 2003 - 08:05:35 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pierre BETOUIN wrote:
> Hello,
>
> Why Mandrake sshd (9.1 and Cooker too) are still bugged (we can guess if
> a user exists on a box, or not, because of a time difference in the
> answer) ?
>
> Even drakupdate doesn't have the updated package.
>
> http://lists.netsys.com/pipermail/full-disclosure/2003-May/009516.html

According to the post:

1)This is against the latest version of ssh, has a comprehensive patch
been released for this? I don't see how Mandrake can push an update if
there is no patch. According to
http://lab.mediaservice.net/advisory/2003-01-openssh.txt, there is a
patch which solves some problems, but does not remove all the problems.

2)You should be able to prevent this with grsecurity settings, which are
available on the secure kernel, however you need to enable them in
/etc/sysctl.conf

3)You can also prevent the problem by making a change to your pam
settings in /etc/pam.d/system-auth (or the sshd pam file if you don't
use pam_stack).
auth sufficient /lib/security/pam_unix.so likeauth nullok nodelay

Gentoo is the only vendor to have any advisory/patch, and since they
update the shadow package, it is likely that they just add the 'nodelay'
option, however it is potentially problematic to do this on all machines
irrespective of possible local authentication mechanisms without full
testing.

Regards,
Buchan

- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+5ykerJK6UGDSBKcRAmrHAJ9j3dL2dy+18ZdVRwkULB15en0rjQCgySkj
0P/GNMOzpn+ljSAbw71ZA3E=
=oe7S
-----END PGP SIGNATURE-----

******************************************************************
Please click on http://www.cae.co.za/disclaimer.htm to read our
e-mail disclaimer or send an e-mail to infocae.co.za for a copy.
******************************************************************

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]