Re: sshd exploit?
From: Kris Kennaway (kris@obsecurity.org)
Date: 11/29/01
- Next message: Brett Glass: "Re: sshd exploit?"
- Previous message: Colin Faber: "Re: sshd exploit?"
- In reply to: 00: "Re: sshd exploit?"
- Next in thread: Brett Glass: "Re: sshd exploit?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Nov 2001 20:28:48 -0800 From: Kris Kennaway <kris@obsecurity.org> To: 00 <x2s500y@sekurity.net>
On Wed, Nov 28, 2001 at 10:41:44PM -0500, 00 wrote:
> Yes, your friend is right, I'm not sure of the specifics, but I have a copy
> of the exploit and it has only been released in binary form. OpenBSD's
> OpenSSH team or no other SSH development group has yet to make a formal
> statement, most likely due to the fact they don't know what the vunerability
> is as of yet so they don't want to spark a fire. The vunerability is a
> great threat because it is remote and root compromisable. The exploit scans
> a listing of addresses, and when it find a host it just drops to a
> rootshell.
Please forward a copy to security-officer@FreeBSD.org. We've only
seen an exploit for the old vulnerability in OpenSSH 2.2.0, which
obviously isn't that exciting :)
Kris
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored
- Next message: Brett Glass: "Re: sshd exploit?"
- Previous message: Colin Faber: "Re: sshd exploit?"
- In reply to: 00: "Re: sshd exploit?"
- Next in thread: Brett Glass: "Re: sshd exploit?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
