From owner-freebsd-security Mon Mar 26 11:14: 0 2001
Delivered-To: freebsd-security@freebsd.org
Received: from astral.isec.com.br (astral.isec.com.br [200.254.79.62])
    by hub.freebsd.org (Postfix) with SMTP id 7723C37B719
    for ; Mon, 26 Mar 2001 11:13:53 -0800 (PST)
    (envelope-from duwde@duwde.com.br)
Received: (qmail 10754 invoked from network); 26 Mar 2001 19:11:54 -0000
Received: from localhost.isec.com.br (HELO duwde.com.br) (127.0.0.1)
    by localhost.isec.com.br with SMTP; 26 Mar 2001 19:11:54 -0000
Message-ID: <3ABF93BE.A855334@duwde.com.br>
Date: Mon, 26 Mar 2001 16:08:46 -0300
From: "Duwde (Fabio V. Dias)"
X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.3-RC i386)
X-Accept-Language: en
MIME-Version: 1.0
To: security-officer@FreeBSD.org, freebsd-security@freebsd.org
Subject: SSHD revealing too much information.
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

To the FreeBSD Security Officer & FreeBSD Security List.
(Please reply, if needed, to my email too)

I've already posted this at FreeBSD-stable@freebsd.org but it seems
some people haven't agreed on this issue, so I'm posting this here,
as it's security related.

As of 2001/03/22 we have:
(and it's still on 4.x-stable of today, 4.3-RC)

--
bash-2.04$ cat /usr/src/crypto/openssh/version.h
/* $FreeBSD: src/crypto/openssh/version.h,v 1.1.1.1.2.4 2001/03/22 00:30:56 green Exp $ */
/* $OpenBSD: version.h,v 1.13 2000/10/16 09:38:45 djm Exp $ */

#define SSH_VERSION "OpenSSH_2.3.0 green@FreeBSD.org 20010321"
bash-2.04$
--

It seems some fixes have been made on OpenSSH 2.3.0 or so, and
the string "green@FreeBSD.org 20010321" has been added to SSH_VERSION.

The problem is that this is used in the initial SSHD login procedure:

--
bash-2.04$ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
--

So as SSHD is a daemon USUALLY enabled to the whole internet, anyone
can find out what OS (FreeBSD), and what SSHD *cvsuped* version is
running. As well as if it has been fixed or NOT.

So targeting attacks to unfixed SSHDs running FreeBSD would be made
easier, as well as any other attacks in the future, 'cause there will
be no doubt of what OS the host is running. (plus a good idea of its
version, using the 20010321 string)

Btw, there is no need to let anyone know if the SSHD is fixed or NOT,
nor the OS version, and SSHD exact modification date by the freebsd team.
Is there?

Please let me know if I'm missing something...

--
Fabio Vilan Dias / Duwde
PGP key @ http://www.duwde.com.br/duwdepgp.asc
FP = BB35 50F2 7F83 655D 6B11 F0A2 F8E2 FF3D
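
Added example, not part of the original post and not FreeBSD or OpenSSH code: a small audit helper that splits an SSH identification line such as the one shown above into its fields and reports which of them disclose software version, OS name, patch date or an e-mail address. The function names, the OS name list and the detection patterns are assumptions of this example; the second sample banner is constructed.

```python
import re

# Identification line layout: "SSH-<protoversion>-<softwareversion>[ <comments>]"
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# Heuristics chosen for this example (assumptions, not an exhaustive list).
OS_NAMES = ("freebsd", "openbsd", "netbsd", "debian", "ubuntu", "linux")
DATE_RE = re.compile(
    r"(?<!\d)(?:19|20)\d{2}(?:0[1-9]|1[0-2])(?:0[1-9]|[12]\d|3[01])(?!\d)")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Banner quoted in the post, and a constructed one without the comment field.
POSTED_BANNER = "SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321\r\n"
CONSTRUCTED_BANNER = "SSH-2.0-OpenSSH_2.3.0\r\n"


def parse_banner(line):
    """Return (protoversion, softwareversion, comments); ValueError if malformed."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group("proto"), m.group("software"), m.group("comments") or ""


def audit_banner(line):
    """Return a sorted list of the kinds of information the banner discloses."""
    _proto, software, comments = parse_banner(line)
    rest = software + " " + comments
    findings = set()
    if VERSION_RE.search(software):
        findings.add("software-version")
    if any(name in rest.lower() for name in OS_NAMES):
        findings.add("os-name")
    if DATE_RE.search(rest):
        findings.add("patch-date")
    if EMAIL_RE.search(rest):
        findings.add("email-address")
    return sorted(findings)


if __name__ == "__main__":
    for banner in (POSTED_BANNER, CONSTRUCTED_BANNER):
        print(banner.strip(), "->", audit_banner(banner))
```
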