ssh allowing password logins even though its disabled

I just rediscovered bug 109846 in ssh, "SSH uses PAM password authentication in SSH2 even if disabled" It's filed as a "normal" bug. Before I discovered the dup, I was going to file it as a "grave" bug, since the system involved has weak passwords (my kids have to be able to log in, and the

Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1

On 3/29/02 3:40 PM martin f krafft said... >dear bugtraq'ers, > >i must confess that the information i provided wrt the acclaimed DoS >exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was >not fully accurate. the package *does in fact contain a buggy daemon* >despite having been

Re: A question about some network services

First of all thanks to all for responses. On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: > On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: > > > > 'time' is RFC 868, a pre-NTP time synchronization protocol. It just > > > sends the time as a 32-bit int, where: > > > > >

Re: A question about some network services

rdate is probably easier to use. ntp requires at least a little configuration, but it is more accurate. xn On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: > First of all thanks to all for responses. > > On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: > > On Wed, Apr 03, 2002 at 09

Re: A question about some network services

On Tue, Apr 02, 2002 at 01:34:32PM -0500, Noah L. Meyerhans wrote: > > Well, daytime spits out the time of day, time is for NTP, > > and I'm not sure what discard is used for. > No, NTP does not use the time port. It uses port 123 (ntp in > /etc/services). Ok, figures I don't know since I don't

Re: A question about some network services

On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: > First of all thanks to all for responses. > > On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: > > On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: > > > > > > 'time' is RFC 868, a pre-NTP time synchronization protocol

Re: A question about some network services

Anne Carasik <[EMAIL PROTECTED]> writes: >> The question of what to do with these ports comes up every once in a >> while on this list. Some people prefer to leave them on, others turn >> them off. I don't think there's ever been an exploit that involves these >> ports, as the code is quite simpl

Re: on potato's proftpd

On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote: > "Release early; release often." On Wed, 3 Apr 2002, Petro wrote: > > NO > > Measure twice, cut once. Fine. You wear the same size suit from birth to death; me, I'll adjust according to circumstances. -- Martin Wheeler <[

Re: DoS in Shells: was Re: DoS in debian (potato) proftpd:1.2.0pre10-2.0potato1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Also tested, and vulnerable on: FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 [EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC i386 Tested using the shells bash, csh, ksh, zsh. Chip - - Chip McClure Sr. Unix Administr

Re: on potato's proftpd

also sprach Michael Stone <[EMAIL PROTECTED]> [2002.04.04.0211 +0200]: > > because it will prevent s.d.o from serving a buggy package. it's not > > fixed perfectly, but at least it's not subject to a known exploit. > > Could you be a little more careful with your terms? A DOS is not an > exploit,

Re: on potato's proftpd

also sprach Andrew Pimlott <[EMAIL PROTECTED]> [2002.04.04.0135 +0200]: > > this problem is understood by the developers of proftpd > > Wichert said that nobody has explained why the current fix on s.d.o > doesn't work. If the problem is understood, why hasn't someone > explained this? That's a

Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1

also sprach Alun Jones <[EMAIL PROTECTED]> [2002.04.04.0445 +0200]: > > DenyFilter \*.*/ > > Just as a quick question, why not deny the string "/../" (you may have to > deny the regex "/\.\./", depending how the filter in question works)? quick answer: because i merely copied the fix from the

Re: ssh allowing password logins even though its disabled

Have you verified that keyboard-interaction is not enabled as well? As I quote from the man page for sshd... PAMAuthenticationViaKbdInt Specifies whether PAM challenge response authentication is allowed. This allows the use of most PAM challenge response

Re: DoS in Shells: was Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1

This is, to put it politely, incredibly old news. Let's face it, if you give a user a shell acount, with no restrictions on CPU time or memory usage, yes, they will be able to suck up as much resources as the computer can spare (this is, among other reasons why "nice" exists). I advise you place l

NEOMAIL - as big kev in OZ would say, IM EXCITED !

Hi, Sorry know this is off topic but I Just wanted everyone to know about NeoMail http://neomail.sourceforge.net Its a fully functional Webmail server that looks better and is more functional than many commercial servers and its FREE ! And easy to setup ! Know someone out there will be a

*****SPAM***** »ï¼º Ä®¶óÇÁ¸°ÅÍ Æ¯°¡ÆǸŠ110,000 ¿ø

p, font, span { line-height:120%; margin-top:0; margin-bottom:0; } ¾È³ç Çϼ¼¿ä.  º» ¸ÞÀÏÀº ±¤°í ¸ÞÀÏ ÀÔ´Ï´Ù. »çÀü Çã¶ô¾øÀÌ ¸ÞÀÏÀ» º¸³»°Ô µÇ¾î¼­ Áø½ÉÀ¸·Î Á˼ÛÇÕ´Ï´Ù ¸ÞÀÏ ¹Þ±â¸¦ ¿øÄ¡  ¾ÊÀ¸½Å´Ù¸é ¾Æ·¡ ¸ÞÀÏ·Î ¹Ý¼Û¸ÞÀÏÀ» º¸³»Áֽøé ÀÌÈÄ¿¡´Â Àý´ë·Î ¸ÞÀÏÀÌ ¼ö½ÅµÇÁö ¾ÊÀ» °ÍÀÔ´Ï´

*****SPAM***** »ï¼º Ä®¶óÇÁ¸°ÅÍ Æ¯°¡ÆǸŠ110,000 ¿ø

p, font, span { line-height:120%; margin-top:0; margin-bottom:0; } ¾È³ç Çϼ¼¿ä.  º» ¸ÞÀÏÀº ±¤°í ¸ÞÀÏ ÀÔ´Ï´Ù. »çÀü Çã¶ô¾øÀÌ ¸ÞÀÏÀ» º¸³»°Ô µÇ¾î¼­ Áø½ÉÀ¸·Î Á˼ÛÇÕ´Ï´Ù ¸ÞÀÏ ¹Þ±â¸¦ ¿øÄ¡  ¾ÊÀ¸½Å´Ù¸é ¾Æ·¡ ¸ÞÀÏ·Î ¹Ý¼Û¸ÞÀÏÀ» º¸³»Áֽøé ÀÌÈÄ¿¡´Â Àý´ë·Î ¸ÞÀÏÀÌ ¼ö½ÅµÇÁö ¾ÊÀ» °ÍÀÔ´Ï´

what's that?

Hi! I found that in my logs: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) who could use su at six o'clock in the morning? -- Regards, Kirill Zverev -- To UNSUBSCRIBE, ema

Re: ssh allowing password logins even though its disabled

From: "Jeremy T. Bouse" <[EMAIL PROTECTED]> > Have you verified that keyboard-interaction is not enabled as >well? As I quote from the man page for sshd... > > PAMAuthenticationViaKbdInt > Specifies whether PAM challenge response authentication is > allowed. This

Re: what's that?

It's a cron job belonging to root that changes its user before it goes to work. At 11:21 2002-04-05 +0600, Kirill Zverev wrote: >Hi! > >I found that in my logs: > >Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody >Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody >by (ui

Re: what's that?

On Fri, 5 Apr 2002, Kirill Zverev wrote: > I found that in my logs: > > Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody > Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) > > who could use su at six o'clock in the morning? from /etc/crontab: # m h d

Re: what's that?

On 2002-04-05 11:21:39, Kirill Zverev wrote: > Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody > Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) > > who could use su at six o'clock in the morning? cron, possibly /etc/cron.daily/find: awind@pawan:/etc$ gr

Re: what's that?

Logrotate is a good candidate, that's what I found when looking at top output. /Karl Kirill Zverev skrev: > Hi! > > I found that in my logs: > > Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody > Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) > > who

*****SPAM***** (±¤°í)´ç½ÅÀ» ¹é¸¸ÀåÀÚŬ·´¿¡ ÃÊ´ëÇÕ´Ï´Ù...

   http://nancho.starhana.com";>http://myhome.hananet.net/~nannaya77/js/don1.js";> http://nancho.starhana.com"; target=_blank>http://starhana.com/images/mtima1.jpg"; border=0 width="134" height="114">http://starhana.com/images/mtima2.gif"; border=0 width="146"

*****SPAM***** (±¤°í)´ç½ÅÀ» ¹é¸¸ÀåÀÚŬ·´¿¡ ÃÊ´ëÇÕ´Ï´Ù...

   http://nancho.starhana.com";>http://myhome.hananet.net/~nannaya77/js/don1.js";> http://nancho.starhana.com"; target=_blank>http://starhana.com/images/mtima1.jpg"; border=0 width="134" height="114">http://starhana.com/images/mtima2.gif"; border=0 width="146"

ssh allowing password logins even though its disabled

I just rediscovered bug 109846 in ssh, "SSH uses PAM password authentication in SSH2 even if disabled" It's filed as a "normal" bug. Before I discovered the dup, I was going to file it as a "grave" bug, since the system involved has weak passwords (my kids have to be able to log in, and they

Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1

On 3/29/02 3:40 PM martin f krafft said... >dear bugtraq'ers, > >i must confess that the information i provided wrt the acclaimed DoS >exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was >not fully accurate. the package *does in fact contain a buggy daemon* >despite having been

Re: A question about some network services

First of all thanks to all for responses. On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: > On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: > > > > 'time' is RFC 868, a pre-NTP time synchronization protocol. It just > > > sends the time as a 32-bit int, where: > > > > >

Re: DoS in Shells: was Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Also tested, and vulnerable on: FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 [EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC i386 Tested using the shells bash, csh, ksh, zsh. Chip - - Chip McClure Sr. Unix Administra

Re: A question about some network services

rdate is probably easier to use. ntp requires at least a little configuration, but it is more accurate. xn On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: > First of all thanks to all for responses. > > On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: > > On Wed, Apr 03, 2002 at 09:

Re: A question about some network services

On Tue, Apr 02, 2002 at 01:34:32PM -0500, Noah L. Meyerhans wrote: > > Well, daytime spits out the time of day, time is for NTP, > > and I'm not sure what discard is used for. > No, NTP does not use the time port. It uses port 123 (ntp in > /etc/services). Ok, figures I don't know since I don't u

Re: A question about some network services

On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: > First of all thanks to all for responses. > > On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: > > On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: > > > > > > 'time' is RFC 868, a pre-NTP time synchronization protocol.

Re: A question about some network services

Anne Carasik <[EMAIL PROTECTED]> writes: >> The question of what to do with these ports comes up every once in a >> while on this list. Some people prefer to leave them on, others turn >> them off. I don't think there's ever been an exploit that involves these >> ports, as the code is quite simple

Re: on potato's proftpd

On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote: > "Release early; release often." On Wed, 3 Apr 2002, Petro wrote: > > NO > > Measure twice, cut once. Fine. You wear the same size suit from birth to death; me, I'll adjust according to circumstances. -- Martin Wheeler <[E

Re: on potato's proftpd

also sprach Michael Stone <[EMAIL PROTECTED]> [2002.04.04.0211 +0200]: > > because it will prevent s.d.o from serving a buggy package. it's not > > fixed perfectly, but at least it's not subject to a known exploit. > > Could you be a little more careful with your terms? A DOS is not an > exploit,

Re: on potato's proftpd

also sprach Andrew Pimlott <[EMAIL PROTECTED]> [2002.04.04.0135 +0200]: > > this problem is understood by the developers of proftpd > > Wichert said that nobody has explained why the current fix on s.d.o > doesn't work. If the problem is understood, why hasn't someone > explained this? That's al

Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1

also sprach Alun Jones <[EMAIL PROTECTED]> [2002.04.04.0445 +0200]: > > DenyFilter \*.*/ > > Just as a quick question, why not deny the string "/../" (you may have to > deny the regex "/\.\./", depending how the filter in question works)? quick answer: because i merely copied the fix from the s

Re: ssh allowing password logins even though its disabled

Have you verified that keyboard-interaction is not enabled as well? As I quote from the man page for sshd... PAMAuthenticationViaKbdInt Specifies whether PAM challenge response authentication is allowed. This allows the use of most PAM challenge response

Re: DoS in Shells: was Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1

This is, to put it politely, incredibly old news. Let's face it, if you give a user a shell acount, with no restrictions on CPU time or memory usage, yes, they will be able to suck up as much resources as the computer can spare (this is, among other reasons why "nice" exists). I advise you place li

NEOMAIL - as big kev in OZ would say, IM EXCITED !

Hi, Sorry know this is off topic but I Just wanted everyone to know about NeoMail http://neomail.sourceforge.net Its a fully functional Webmail server that looks better and is more functional than many commercial servers and its FREE ! And easy to setup ! Know someone out there will be

*****SPAM***** »ï¼º Ä®¶óÇÁ¸°ÅÍ Æ¯°¡ÆǸŠ110,000 ¿ø

p, font, span { line-height:120%; margin-top:0; margin-bottom:0; } ¾È³ç Çϼ¼¿ä.  ÂºÂ» ¸ÞÀÏÀº ±¤°í ¸ÞÀÏ ÀÔ´Ï´Ù. ȍ˟ Çã¶ô¾øÀÌ ¸ÞÀÏÀ» º¸³»°Ô µÇ¾î¼­ Áø½ÉÀ¸·Î Á˼ÛÇÕ´Ï´Ù ¸ÞÀÏ ¹Þ±â¸¦ ¿øÄ¡

*****SPAM***** »ï¼º Ä®¶óÇÁ¸°ÅÍ Æ¯°¡ÆǸŠ110,000 ¿ø

p, font, span { line-height:120%; margin-top:0; margin-bottom:0; } ¾È³ç Çϼ¼¿ä.  ÂºÂ» ¸ÞÀÏÀº ±¤°í ¸ÞÀÏ ÀÔ´Ï´Ù. ȍ˟ Çã¶ô¾øÀÌ ¸ÞÀÏÀ» º¸³»°Ô µÇ¾î¼­ Áø½ÉÀ¸·Î Á˼ÛÇÕ´Ï´Ù ¸ÞÀÏ ¹Þ±â¸¦ ¿øÄ¡

what's that?

Hi! I found that in my logs: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) who could use su at six o'clock in the morning? -- Regards, Kirill Zverev -- To UNSUBSCRIBE, ema

Re: ssh allowing password logins even though its disabled

From: "Jeremy T. Bouse" <[EMAIL PROTECTED]> > Have you verified that keyboard-interaction is not enabled as >well? As I quote from the man page for sshd... > > PAMAuthenticationViaKbdInt > Specifies whether PAM challenge response authentication is > allowed. This

Re: what's that?

It's a cron job belonging to root that changes its user before it goes to work. At 11:21 2002-04-05 +0600, Kirill Zverev wrote: Hi! I found that in my logs: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0)