Entry 13541 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 13541

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2024/11/23 [General] UID:1000 Activity:popular

11/23

1998/1/21-22 [Computer/SW/Security] UID:13541 Activity:very high

1/21    ssh versions through 1.2.21 have security hole in ssh-agent - upgrade
        to 1.2.22 or stop using ssh agent until you do.
        \_ Uh oh... you mean people will be able to snoop my incredibly
           sensitive private email and see what porn I'm downloading?  Help!
           Help!  The sky is falling!
        \_ Any URL?
           \_ for the porn?
           \_ See:
              http://www.cs.hut.fi/ssh-archive/messages/980121-145129-28265 -dim
        \_ Once again, is there an URL confirming this?
           \_ http://www.cs.hut.fi/ssh-archive/messages/980121-145129-28265
           \_ Just read the freaking ssh 1.2.22 release notes or
                comp.security.ssh

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2024/11/23 [General] UID:1000 Activity:popular

11/23

You may also be interested in these entries...

2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil

9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...

2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil

6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2012/9/24-11/7 [Computer/SW/Languages, Computer/SW/Unix] UID:54484 Activity:nil

9/24    How come changing my shell using ldapmodify (chsh doesn't work) doesn't
        work either? ldapsearch and getent show the new shell but I still get
        the old shell on login.
        \_ Scratch that, it magically took my new shell now. WTF?
           \_ probably nscd(8)
	...

2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil

8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...

Cache (2835 bytes)

www.cs.hut.fi/ssh-archive/messages/980121-145129-28265ORG Subject: SNI-23: SSH - Vulnerability in ssh-agent -----BEGIN PGP SIGNED MESSAGE----- ###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . Security Advisory January 20, 1998 Vulnerability in ssh-agent This advisory details a vulnerabily in the SSH cryptographic login program. The vulnerability enables users to use RSA credentials belonging to other users who use the ssh-agent program. This vulnerability may allow an attacker on the same local host to login to a remote server as the user utilizing SSH. Problem Description: In order to avoid forcing users of RSA based authentication to go through the trouble of retyping their pass phrase every time they wish to use ssh, slogin, or scp, the SSH package includes a program called ssh-agent, which manages RSA keys for the SSH program. The ssh-agent program creates a mode 700 directory in /tmp, and then creates an AF_UNIX socket in that directory. Later, the user runs the ssh-add program, which adds his private key to the set of keys managed by the ssh-agent program. When the user wishes to access a service which permits him to log in using only his RSA key, the SSH client connects to the AF_UNIX socket, and asks the ssh-agent program for the key. Unfortunately, when connecting to the AF_UNIX socket, the SSH client is running as super-user, and performs insufficient permissions checking. This makes it possible for users to trick their SSH clients into using credentials belonging to other users. The end result is that any user who utilizes RSA authentication AND uses ssh-agent, is vulnerable. Attackers can utilize this vulnerability to access remote accounts belonging to the ssh-agent user. Technical Details When communicating with the ssh-agent program, the SSH program issues a connect() system call as super-user to access the AF_UNIX socket. By utilizing symbolic links, an attacker can cause the SSH program to connect to an alternate user's AF_UNIX socket, and read their RSA credentials. After the credentials have been read, SSH will use these credentials to logon to the remote system as the victim. Vulnerable Systems: This vulnerability effects the Unix versions of SSH ONLY. Users without a support contract can obtain a diff file which fixes this problem. This will prevent the attack from working, but will disable a form of authentication documented as rhosts-RSA. For example, if your SSH binary is in the /usr/local/bin directory, the following command will remove the setuid bit from the SSH binary: # chmod u-s /usr/local/bin/ssh Additional Information SSH is a cryptographic rsh, rlogin, and rcp replacement. For more information regarding this advisory, contact Secure Networks Inc. A PGP public key is provided below if privacy is required. Type Bits/KeyID Date User ID pub 1024/9E55000D 1997/01/13 Secure Networks Inc.