openssh remote add user exploits?

Frank Cusack fcusack at fcusack.com
Thu Feb 13 13:48:40 EST 2003


On Thu, Feb 13, 2003 at 02:36:27AM +0200, Kimmo Hovi wrote:
> Hello. Recently I discovered some kind of exploit of openssh used against
> me. For configuration info, I am using Mandrake 8.2 with the openssh
> package openssh-3.1p1-1mdk.

> Feb  5 09:29:09 narnia adduser[15054]: new user: name=telnet, uid=0,
> gid=0, home=/usr/doc/, shell=/bin/bash
> Feb  5 09:29:48 narnia PAM_pwdb[15055]: new password not acceptable
> Feb  5 09:30:06 narnia sshd[15046]: Could not reverse map address
> 194.105.21.48.
> Feb  5 09:30:06 narnia sshd[15046]: User telnet not allowed because not
> listed in AllowUsers

I don't see how this is at all related to openssh having some kind of
exploit.  Someone locally added a user named 'telnet' and then tried
to ssh as that user.

Your machine is already compromised, it seems, in a way that only allows
creation of new users, maybe?

/fc
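
The log reading in the reply above (an account created with uid 0, then an ssh attempt as that account) can be checked for mechanically. The following is an added example, not part of the original message: it assumes the syslog format of the quoted lines, and the function and field names are hypothetical.

```python
import re

# Log lines quoted in the message above, with the e-mail line wraps rejoined.
SAMPLE_LOG = """\
Feb  5 09:29:09 narnia adduser[15054]: new user: name=telnet, uid=0, gid=0, home=/usr/doc/, shell=/bin/bash
Feb  5 09:29:48 narnia PAM_pwdb[15055]: new password not acceptable
Feb  5 09:30:06 narnia sshd[15046]: Could not reverse map address 194.105.21.48.
Feb  5 09:30:06 narnia sshd[15046]: User telnet not allowed because not listed in AllowUsers
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
                    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
NEW_USER = re.compile(r"new user: name=(?P<name>[^,]+), uid=(?P<uid>\d+),")
SSH_ADDR = re.compile(r"Could not reverse map address (?P<addr>[0-9.]+?)\.?$")
SSH_DENIED = re.compile(r"User (?P<name>\S+) not allowed because")


def find_uid0_accounts(log_text):
    """Report accounts created with uid 0 and later sshd denials for them."""
    findings = {}   # account name -> finding
    pid_addr = {}   # sshd pid -> client address logged by that process
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        ts, prog, pid, msg = m["ts"], m["prog"], m["pid"], m["msg"]
        if prog == "adduser":
            user = NEW_USER.search(msg)
            if user and int(user["uid"]) == 0:
                findings[user["name"]] = {"name": user["name"],
                                          "created": ts, "ssh_denied": []}
        elif prog == "sshd":
            addr = SSH_ADDR.search(msg)
            denied = SSH_DENIED.search(msg)
            if addr:
                pid_addr[pid] = addr["addr"]
            elif denied and denied["name"] in findings:
                # Attach the address the same sshd process logged, if any.
                findings[denied["name"]]["ssh_denied"].append((ts, pid_addr.get(pid)))
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_uid0_accounts(SAMPLE_LOG):
        print(finding)
```
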




More information about the openssh-unix-dev mailing list