From: "Dave Raven"
Subject: Re: Question about port 50000
Date: Thu, 13 Dec 2001 23:35:24 +0200
Sender: owner-freebsd-security@FreeBSD.ORG

Not sure if this has been shown, but how about a

    sockstat | grep 50000

----- Original Message -----
From: "Krzysztof Zaraska"
To: "Brian F. Feldman"
Sent: Thursday, December 13, 2001 11:04 PM
Subject: Re: Question about port 50000

On Thu, 13 Dec 2001 12:42:43 -0500
Brian F. Feldman wrote:

> > It's really weird,
> > Openssh from FreeBSD-4.4 is vulnerable, do you have Openssh installed?
>
> No, OpenSSH is vulnerable if you for some reason had enabled UseLogin.
> There's no reason to have done that...

...and the hostile user must have a valid account. So this is not a
remote-root exploit per se.

Krzysztof

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message