Hi all, let me introduce myself: I'm an Italian boy, 22 years old, and I have worked in IT technologies for about 2 years.
I have an enormous passion for computing in general.

I found a dangerous bug in ssh with key exchange. The bug afflicts only some distributions, in particular those that are used as web servers. If I create a directory ".ssh" for the user "www-data" in his home, which is usually "/var/www/", I can log in to the computer with:

"ssh [EMAIL PROTECTED]"

This is a stupid bug, but it's very dangerous. For my own reasons, I entered a site hosted on a Debian, using "Joomla administration" (a famous CMS), adding my "ssh key" to ".ssh/authorized_keys".

Maybe someone has already found it, but saying it another time is not bad.

debian version: Linux HostName 2.6.8-3-686-smp #1 SMP Tue Dec 5 23:17:50 UTC 2006 i686 GNU/Linux
ssh version: OpenSSH_3.8.1p1 Debian-8.sarge.6, OpenSSL 0.9.7e 25 Oct 2004

Sorry for my bad English!!!

regards
Alberto Bravi, from Italy ;)

--
*Alberto Bravi*
E-mail: [EMAIL PROTECTED]
Skype: alberto.bravi
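
A defender-side audit for the condition this message describes: a service account such as www-data that has a login shell and an authorized_keys file under its home. This is an added example, not part of the original post; the list of no-login shells, the UID cutoff of 999 and the sample passwd entries and key line are assumptions constructed for illustration.

```python
import os
import tempfile

# Shells that refuse an interactive login (assumed list, extend as needed).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
KEY_FILES = ("authorized_keys", "authorized_keys2")  # current and legacy names

def count_keys(path):
    """Number of non-blank, non-comment lines in an authorized_keys file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return sum(1 for ln in fh if ln.strip() and not ln.lstrip().startswith("#"))

def audit_service_accounts(passwd_text, root="/", max_uid=999):
    """Return {account: [issues]} for system accounts that can take SSH keys."""
    findings = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        name, uid, home, shell = fields[0], int(fields[2]), fields[5], fields[6]
        if uid == 0 or uid > max_uid:
            continue  # only non-root system/service accounts
        issues = []
        if shell not in NOLOGIN_SHELLS:
            issues.append("login shell: " + (shell or "/bin/sh (empty field)"))
        ssh_dir = os.path.join(root, home.lstrip("/"), ".ssh")
        for key_file in KEY_FILES:
            path = os.path.join(ssh_dir, key_file)
            if os.path.isfile(path):
                issues.append("%s holds %d key(s)" % (key_file, count_keys(path)))
        if issues:
            findings[name] = issues
    return findings

def demo():
    """Run the audit against a constructed passwd file and directory tree."""
    passwd = (  # constructed sample entries
        "root:x:0:0:root:/root:/bin/bash\n"
        "www-data:x:33:33:www-data:/var/www:/bin/sh\n"
        "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin\n"
        "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
    )
    with tempfile.TemporaryDirectory() as root:
        ssh_dir = os.path.join(root, "var/www/.ssh")
        os.makedirs(ssh_dir)
        with open(os.path.join(ssh_dir, "authorized_keys"), "w") as fh:
            fh.write("# constructed entry\nssh-rsa AAAAEXAMPLE planted@example\n")
        return audit_service_accounts(passwd, root=root)
```

On a live host, pass the contents of /etc/passwd and leave root="/"; an account reported with both a login shell and a populated key file is the combination to investigate first.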