Re: sshd exploit?

From: 00 (x2s500y@sekurity.net)
Date: 11/29/01

• Next message: Colin Faber: "Re: sshd exploit?"
• Previous message: Chris Byrnes: "sshd exploit?"
• Maybe in reply to: Chris Byrnes: "sshd exploit?"
• Next in thread: Colin Faber: "Re: sshd exploit?"
• Reply: Colin Faber: "Re: sshd exploit?"
• Reply: Kris Kennaway: "Re: sshd exploit?"
• Reply: Brett Glass: "Re: sshd exploit?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "00" <x2s500y@sekurity.net>
To: "Chris Byrnes" <chris@JEAH.net>, <security@freebsd.org>
Date: Wed, 28 Nov 2001 22:41:44 -0500

Yes, your friend is right, I'm not sure of the specifics, but I have a copy
of the exploit and it has only been released in binary form. OpenBSD's
OpenSSH team or no other SSH development group has yet to make a formal
statement, most likely due to the fact they don't know what the vunerability
is as of yet so they don't want to spark a fire. The vunerability is a
great threat because it is remote and root compromisable. The exploit scans
a listing of addresses, and when it find a host it just drops to a
rootshell.
-----Original Message-----
From: Chris Byrnes <chris@JEAH.net>
To: security@freebsd.org <security@freebsd.org>
Date: Wednesday, November 28, 2001 4:23 PM
Subject: sshd exploit?

>A colleague sent me a very vague e-mail, telling me that I should 'disable
>SSHD now' because of a 'private exploit being circulated since Saturday'.
>
>Anyone know anything about this?
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Colin Faber: "Re: sshd exploit?"
• Previous message: Chris Byrnes: "sshd exploit?"
• Maybe in reply to: Chris Byrnes: "sshd exploit?"
• Next in thread: Colin Faber: "Re: sshd exploit?"
• Reply: Colin Faber: "Re: sshd exploit?"
• Reply: Kris Kennaway: "Re: sshd exploit?"
• Reply: Brett Glass: "Re: sshd exploit?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: sshd exploit? ... Does this expliot effect all sshd's or can it be stopped with wrappers ... > Yes, your friend is right, I'm not sure of the specifics, but I have a copy ... most likely due to the fact they don't know what the vunerability ... >>SSHD now' because of a 'private exploit being circulated since Saturday'. ... (FreeBSD-Security) Re: sshd exploit? ... > Yes, your friend is right, I'm not sure of the specifics, but I have a copy ... > OpenSSH team or no other SSH development group has yet to make a formal ... most likely due to the fact they don't know what the vunerability ... (FreeBSD-Security) Re: why I am still asked to input password after all the setup? ... you add some flags to sshd. ... can I turn on the debug? ... It depends on specifics. ... If you bind to a high numbered port (like ... (comp.security.ssh)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint