3rd December 2012
jggimi

From the article...
The published holes in FreeSSHd's and the SSH protocol developers' SSH servers are nothing short of embarrassing. Apparently, both holes can be exploited to bypass the password check and log in with an arbitrary password. With SSH's Tectia server, the exploit description says that attackers can modify a legitimate user's password by calling input_userauth_passwd_changereq() before logging in. In case of the FreeSSHd/FreeFTPd server, all that appears to be required is to ignore a refusal message by the server and declare the session to be open at the right time. All the exploit has to do is add an extra call to the existing ssh_session2() function of the regular openssh client.
I am thankful the BSDs and most *nixes use OpenSSH servers.
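Added example, not part of the original post or the quoted article, and not code from FreeSSHd, Tectia or OpenSSH: a server-side gate in C for the invariant the quoted description points at, namely that only the server's own record of a passed credential check decides what a client may do next. The struct, the function names and the disconnect policy are assumptions of this example; the message numbers are those assigned in RFC 4250.

```c
#include <stdbool.h>
#include <stdint.h>

/* Message numbers as assigned in RFC 4250. */
#define SSH_MSG_USERAUTH_REQUEST 50
#define SSH_MSG_USERAUTH_FAILURE 51
#define SSH_MSG_USERAUTH_SUCCESS 52
#define SSH_MSG_CHANNEL_OPEN     90

/* Hypothetical per-connection state kept by the server. */
struct conn {
    bool authenticated;    /* set only from the server's own check */
    bool password_changed; /* true once a new password was stored  */
};

enum verdict { DISPATCH, IGNORE, DISCONNECT };

/* Decide what to do with an inbound packet before any handler runs. */
enum verdict gate_inbound(const struct conn *c, uint8_t type)
{
    if (type >= 80)   /* connection protocol (channels) and above */
        return c->authenticated ? DISPATCH : DISCONNECT;
    if (type >= 50)   /* user authentication protocol, 50-79 */
        return c->authenticated ? IGNORE : DISPATCH;
    return DISPATCH;  /* transport layer, validated elsewhere */
}

/*
 * Handle a "password" USERAUTH_REQUEST. `change` mirrors the boolean in
 * RFC 4252 section 8; `old_ok` is the result of verifying the current
 * password (the verification itself is outside this example).
 * Returns the message number of the server's reply.
 */
int handle_password(struct conn *c, bool change, bool old_ok)
{
    if (!old_ok)
        return SSH_MSG_USERAUTH_FAILURE; /* no state change on failure */
    if (change)
        c->password_changed = true;      /* only after the old one verified */
    c->authenticated = true;
    return SSH_MSG_USERAUTH_SUCCESS;
}

int main(void)
{
    struct conn c = { false, false };
    /* Constructed sequence: failed password, then a channel open anyway. */
    handle_password(&c, false, false);
    return gate_inbound(&c, SSH_MSG_CHANNEL_OPEN) == DISCONNECT ? 0 : 1;
}
```

Because the gate runs before dispatch, a client that ignores the failure reply and proceeds as if the session were open is disconnected rather than served.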