Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] compromised SuSE7.3?
  • From: Mark Ruth <Mark.Ruth@xxxxxxx>
  • Date: Thu, 7 Feb 2002 13:54:15 +0100 (MET)
  • Message-id: <14644.1013086455@xxxxxxxxxxxxx>
> >my guesses:
> >pam.d/sshd was changed when activating md5 passwords (>8 characters)
> >ssh*_config were changed by myself
> >ssh hmmm... as one can change file permissions (easy,local,secure), is
> >it possible, that after an installation default permissions and groups
> >are overridden by a script that sets the chosen values?
>
> My guesses for ssh - you installed an update with rpm -i instead
> of rpm -u or a script such as harden_suse changed attributes.
>
> By the way - it's ssh not sshd. An attacker would exchange the daemon to
> get in.
Are you sure?

He would _probably_ exchange the daemon or install a second one
listening on a different port. In that case sshd is untouched.
Why not modify ssh to log passwords?
