| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200303082338.39522.aeonflux@aeonflux.no-ip.com> From: aeonflux at aeonflux.no-ip.com (aeonflux) Subject: SSH/OPENSSH HOLE ALL VERSIONS. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 04 March 2003 6:18 pm, diacetyl@...hmail.com wrote: > The ssh command contains an innate system of backdooring that can be > levereged by an attacker to gain the access of another user. > > The crux of this problem lies in the face that any public key dropped to > ~/.ssh/authorized_keys may be used to gain entry to the machine under the > priveledges of that user by he who posesses the corresponding private key. Duh...... this is not a flaw. However, this advisory appears to be a joke.... more then likely the work of the evil gobbles :-) in particular .... V. PROPS iDEFENSE for their elite file advisory http://lists.netsys.com/pipermail/full-disclosure/2003-March/004423.html these warriors of full-disclosure give me the courage to release this vulnerability even after death threats from evil blackhats who shut off my power, ruined my credit, and got me fired from my job. Hahaha.... ;-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+arc81mDajpZ9rHwRAkbuAKCXbKGDc8B7b+v5KbzRTXR3fdskuACfdq08 xgbr4jrXVUnCa9FaSpQ5dNc= =JmZR -----END PGP SIGNATURE-----
Powered by blists - more mailing lists