Rootshell -- update
Adam D. McKenna
adam at flounder.net
Sun Nov 1 17:48:04 UTC 1998
>From http://www.ssh.fi/sshprotocols2/rootshell.html
NO KNOWN VULNERABILITIES IN SSH-1.2.26
The Rootshell page (www.rootshell.com) was modified by hackers on October
28th. The server running the page had Secure Shell 1.2.26 and it is assumed
that the entry was made via Secure Shell. This assumption is based on the fact
that no other service allowing connections was active.
SSH Communications Security also made an analysis of the problem, during which
the Secure Shell source code was thoroughly checked. No buffer overflows nor
any other security bugs were found. THERE ARE NO KNOWN VULNERABILITIES IN
SSH-1.2.26.
At the moment, it looks most likely that the Rootshell break in was made with
legitimate authentication that was gained by some means external to Secure
Shell. More information will be given if further analysis sheds more light to
the attack.
Last update November 1, 1998
---
bash: syntax error near unexpected token `:)'
Adam D. McKenna
adam at flounder.net
More information about the NANOG
mailing list