Re: sshd exploit

From: Erick Mechler (emechler@techometer.net)
Date: 11/30/01

• Next message: Krzysztof Zaraska: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
• Previous message: f.johan.beisser: "OPIE and ssh"
• In reply to: bsd-sec@boneyard.lawrence.ks.us: "Re: sshd exploit"
• Next in thread: Kris Kennaway: "Re: sshd exploit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 30 Nov 2001 01:39:39 -0800
From: Erick Mechler <emechler@techometer.net>
To: bsd-sec@boneyard.lawrence.ks.us

:: > The CRC bug was fixed in 2.3.0, which was merged into -stable before the
:: > release of freebsd 4.3. If 3.0.1's giving you any enhanced immunity, it's
:: > to a bug which has not yet been announced.
:: >
:: > If there _is_ a new bug, and it follows the decription in the url posted
:: > earlier in the thread, it's probably also SSHv1 related, and can be
:: [...]
::
:: Perhaps so. However, at the univeristy department where I work, RH Linux lab
:: machines running both 2.5.x and 2.9.x versions of OpenSSH were indeed
:: compromised while running ssh version 1.

[snip]

This is, and someone correct me if I'm wrong, not what everyone else's
experience has been with the crc32 attack in SSHv1. According to all
reports I've read, including the long, detailed message sent by the
Security Officer to this same list entitled "Lack of evidence for new SSH
vulnerability" a few hours before yours, this bug was fixed in 2.3.0.
Instead of attempting to cause more panic, care to send us more info? Did
the cracked boxes exhibit the same characteristics as those described in
Dittrich's analysis? Can anybody else on this list either verify or deny
the claims made here?

Stephen, please don't think I'm picking on you, I just want to make sure
that we're not all talking about the same exploit.

Cheers - Erick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Krzysztof Zaraska: "Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability (fwd)"
• Previous message: f.johan.beisser: "OPIE and ssh"
• In reply to: bsd-sec@boneyard.lawrence.ks.us: "Re: sshd exploit"
• Next in thread: Kris Kennaway: "Re: sshd exploit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Matlab & LD_LIBRARY_PATH ... This happens on different machines running either ... bug, but I can't find it now. ... The question is, when logging in via the display manager, does ... However booting into X11 (init 5) prevents LD_LIBRARY_PATH from ... (Fedora) Re: Shortcuts do not work when using Insert/File Attachment ... Yeah, I tried creating a new identity, but same issue. ... I actually have now seen this bug on about 5 different machines running ... workaround for now. ... (microsoft.public.windows.inetexplorer.ie6_outlookexpress) Re: sshd exploit ... > release of freebsd 4.3. ... > to a bug which has not yet been announced. ... compromised while running ssh version 1. ... folks offer free site licenses for their Win32 client, ... (FreeBSD-Security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)