Berkeley CSUA MOTD:Entry 25201
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/08 [General] UID:1000 Activity:popular
7/8     

2002/6/26-27 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:25201 Activity:high
6/26    Upgrade to OpenSSH 3.4 ASAP: http://www.openssh.com/txt/iss.adv
        \_ so is 3.3 fixed too (i thought) or just better because of
           PrivilegeSeparation.
           \_ 3.3 doesn't have a fix but if you enable priv sep on 3.3,
              the exploit won't result in a remote root explot
                \_ I don't know how you run your systems but i'd wager that
                   for most people (certainly for me) any remote exploit is
                   a remote root exploit.  There are simply too many local
                   exploits to always have them all fixed.
                   \_ Agreed. However one advantage of priv sep is that even
                      if sshd falls victim to a exploit, the intruder only
                      has user level access and them must find out which
                      of your local binaries have local exploits. This
                      leaves a trail which you can use to track the intruder
                      down.
                      \_ Not really.  By the time they find a local exploit,
                         which will be about 18 seconds on a bad day, you
                         won't be tracking anything.  Once they get a local
                         shell with any account it's all over.
        \_ Thanks for the link.  I was happy to see a quick kludge in there.
           I don't have time to deal with a full upgrade for real right now.
           \_ Just so you know turning off ChallengeResponse is a hack to fix
              the one known exploit, but it isn't a fix for the whole class
              of exploits that were found and fixed by the OpenSSH team in
              3.4. Try to upgrade as soon as you can.
                \_ On my list for tonight.  I didn't want to do it remotely
                   and fuck it up and cut myself off from my server.  Thanks
                   for pointing that out.
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/07/08 [General] UID:1000 Activity:popular
7/8     

You may also be interested in these entries...
2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil
9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil
6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2012/9/20-11/7 [Computer/SW/Unix, Finance/Investment] UID:54482 Activity:nil
9/20    How do I change my shell? chsh says "Cannot change ID to root."
        \_ /usr/bin/chsh does not have the SUID permission set. Without
           being set, it does not successfully change a user's shell.
           Typical newbie sys admin (on soda)
           \_ Actually, it does: -rwsr-xr-x 1 root root 37552 Feb 15  2011 /usr/bin/chsh
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
2009/5/4-6 [Computer/SW/OS/Linux, Computer/SW/OS/FreeBSD] UID:52939 Activity:moderate
5/4     I would appreciate a reliability ranking between:
        1) OpenBSD
        2) OpenSolaris
        3) FreeBSD
        4) Debian-Stable
        5) Suse Linux Enterprise Server
	...
2009/4/17-23 [Computer/SW/OS/FreeBSD] UID:52867 Activity:low
4/17    If you have a general access AssOS machines, this is worth
        taking this seriously. --psb
  http://c-skills.blogspot.com/2009/04/udev-trickery-cve-2009-1185-and-cve.html
        <DEAD>admin.fedoraproject.org/updates/udev-127-5.fc10<DEAD>
        \_ What does this have to do with MS Windows?
           \_ psb is a bsd lover.
	...
2008/12/10-16 [Computer/HW/CPU, Computer/HW/Drives] UID:52220 Activity:moderate
12/9    Another idea for the CSUA that lets you spend money and maybe get some
    cool toys. Instead of buying a beefy server (like say, a massive server
    with 20 386DX processors), buy a few cheap machines (like the ones
    mentioned below) that have good disks and work on failover / load
    balancing. A netscaler or other piece of hardware is complete overkill,
    but maybe hacking an OpenBSD box could do the trick. The idea is that
	...
2007/7/17 [Computer/SW/Languages/C_Cplusplus] UID:47312 Activity:nil
7/13    CSUA Life Roster
1 point each for:                                               key:
                significant other (out of county rule applies)   G
                car (Chevy Novas do count)                       C
                housing (dorms DO NOT count)                     H
                own computer running reasonable multi-tasking OS U
	...
2007/7/13-16 [Computer/Networking] UID:47279 Activity:nil
7/13    I'm thinking about getting a Soekris 4501 to replace my the P2-400
        that is currently acting as my home firewall. Has anyone used a
        Soekris system for this purpose? If so, how well does it work? Also,
        if there are any alternatives (similar power/form factor), I would
        appreciate links to those as well. tia.
        \_ John got me to use a WRAP box similar to Soekris.  I use this one:
	...
2007/3/15-17 [Computer/SW/OS/FreeBSD] UID:45977 Activity:nil
3/14    http://www.csua.org/u/i8o
        Remote exploit in OpenBSD kernel.  Security is hard.  And yes, it
        would be really difficult to exploit this in practice. -dans
	...
2007/3/13-14 [Computer/SW/OS/FreeBSD] UID:45949 Activity:nil
3/13    OpenBSD 4.1 preorder is up:
        http://www.openbsd.org/items.html#41
	...
2007/3/13-14 [Computer/SW/Security] UID:45950 Activity:nil
3/13    OpenSSH 4.6 is out:
        http://undeadly.org/cgi?action=article&sid=20070308183425
        Portable Version:
        ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.6p1.tar.gz
        OpenBSD Version:
        ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-4.6.tar.gz
	...
2006/11/8-9 [Computer/SW/Security] UID:45263 Activity:nil
11/8    OpenSSH 4.5 is out:
        http://www.openssh.org/txt/release-4.5
        ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-4.5.tar.gz
        ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.5p1.tar.gz
	...
2006/9/27-28 [Computer/SW/OS/FreeBSD, Computer/SW/Security] UID:44580 Activity:nil
9/27    OpenSSH 4.4 is leftist
        http://www.openssh.org/txt/release-4.4
        OpenBSD src:
        http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-4.4.tar.gz
        OpenBSD src signature:
        http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-4.4.tar.gz.asc
	...
2006/9/22-25 [Computer/SW/OS/FreeBSD] UID:44496 Activity:nil
9/22    OpenBSD 4.0 available for pre-order:
        http://www.openbsd.org/40.html
	...
2006/8/16-18 [Computer/SW/OS/FreeBSD] UID:44024 Activity:nil
8/16    Greatest piece of software ever written is 4.3 BSD:
        http://tinyurl.com/go7lv (informationweek.com)
        \_ Windows is run by more computers than all other OS combined.
           \_ that only makes it common, not great.
              \_ If it wasn't great people wouldn't use it.  They'd use 4.3
                 BSD.
	...
Cache (4242 bytes)
www.openssh.com/txt/iss.adv
Internet Security Systems Security Advisory June 26, 2002 OpenSSH Remote Challenge Vulnerability Synopsis: ISS X-Force has discovered a serious vulnerability in the default installation of OpenSSH on the OpenBSD operating system. OpenSSH is a free version of the SSH (Secure Shell) communications suite and is used as a secure replacement for protocols such as Telnet, Rlogin, Rsh, and Ftp. OpenSSH employs end-to-end encryption (including all passwords) and is resistant to network monitoring, eavesdropping, and connection hijacking attacks. X-Force is aware of active exploit development for this vulnerability. Impact: OpenBSD, FreeBSD-Current, and other OpenSSH implementations may be vulnerable to a remote, superuser compromise. Versions of FreeBSD-Current built between March 18, 2002 and June 23, 2002 are vulnerable to remote superuser compromise. Privilege separation was implemented in FreeBSD-Current on June 23, 2002. Note: OpenSSH is included in many operating system distributions, networking equipment, and security appliances. This mechanism, part of the SSH2 protocol, verifies a user's identity by generating a challenge and forcing the user to supply a number of responses. It is possible for a remote attacker to send a specially-crafted reply that triggers an overflow. This can result in a remote denial of service attack on the OpenSSH daemon or a complete remote compromise. The OpenSSH daemon runs with superuser privilege, so remote attackers can gain superuser access by exploiting this vulnerability. OpenSSH supports the SKEY and BSD_AUTH authentication options. At least one of these options must be enabled before the OpenSSH binaries are compiled for the vulnerable condition to be present. The SKEY and BSD_AUTH options are not enabled by default in many distributions. However, if these options are explicitly enabled, that build of OpenSSH may be vulnerable. ISS X-Force recommends that system administrators disable unused OpenSSH authentication mechanisms. Administrators can remove this vulnerability by disabling the Challenge-Response authentication parameter within the OpenSSH daemon configuration file. This filename and path is typically: /etc/ssh/sshd_config. To disable this parameter, locate the corresponding line and change it to the line below: ChallengeResponseAuthentication no The "sshd" process must be restarted for this change to take effect. This workaround will permanently remove the vulnerability. This version implements privilege separation, contains a patch to block this vulnerability, and contains many additional pro- active security fixes. Privilege separation was designed to limit exposure to known and unknown vulnerabilities. Additional Information: ISS X-Force and Black Hat consulting will host a presentation titled, "Professional Source Code Auditing" at Black Hat Briefings USA 2002. The presentation will explore advanced source code auditing techniques as well as secure development best-practices. Credits: The vulnerability described in this advisory was discovered and researched by Mark Dowd of the ISS X-Force. ISS would like to thank Theo de Raadt of the OpenBSD Project for his assistance with this advisory. About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.