Re: Upcoming OpenSSH vulnerability

From: Blaine Kahle (goatee@binary.net)
Date: 06/25/02


Date: Tue, 25 Jun 2002 16:10:19 -0500
From: Blaine Kahle <goatee@binary.net>
To: security@freebsd.org

On Tue, Jun 25, 2002 at 03:50:29PM -0400, Michael Richards wrote:
> >> Michael, Doug, any word on the status of this? Have the OpenSSH
> >> developers been notified of this?
> >
> > Reading the rest of that mail, I get the impression it was some
> > sort of dumb joke/rhetorical statement, he didn't really have an
> > exploit...
>
> Yes, I thought it was sarcastic enough that everyone would take it as
> that. As a result of something I saw this AM I believe it would be a
> great idea to upgrade immediately. There is an exploit out in the
> wild and it's been demonstrated to me. I've been spending all day
> frantically upgrading all of our machines. Will probably be up long
> into the night ensuring everything is up and working.

And I think it's being scanned for:

Jun 25 16:10:06 aspire sshd[26012]: scanned from 203.74.9.16 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Jun 25 16:10:06 aspire sshd[26009]: Did not receive identification string from 203.74.9.16

203.74.9.16 is APNIC.

In case you're wondering about the logged "Don't panic." message, it's
in the source:

        if (datafellows & SSH_BUG_SCANNER) {
                log("scanned from %s with %s. Don't panic.",
                    get_remote_ipaddr(), client_version_string);
                fatal_cleanup();
        }

This scanner triggered a warning page to me because it tied up the
default limit of 10 unauthenticated SSH sessions.

-- 
Blaine Kahle                                         blaine@binary.net
Systems Programmer                                    Binary Net, Inc.
UID 0, Zip, Zilch, Nada                                 www.binary.net
                                                            0x178AA0E0
Do not meddle in the affairs of sysadmins,
for they are quick to anger and have no need for subtlety.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
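
The two sshd messages quoted in the post are enough to build a per-source burst detector. The following Python is an added example, not part of the original message or of OpenSSH. It assumes the standard syslog line layout shown above; the hostname, PIDs and documentation-range addresses in the sample are constructed, the threshold of 10 echoes the session limit mentioned in the post, and the 60-second window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The two sshd messages quoted in the post, behind a standard syslog prefix.
PREFIX = r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
PATTERNS = [
    re.compile(PREFIX + r"scanned from (?P<ip>\S+) with (?P<banner>.+)\. Don't panic\.$"),
    re.compile(PREFIX + r"Did not receive identification string from (?P<ip>\S+)$"),
]

def parse(lines, year=2002):
    """Yield (timestamp, source_ip, banner_or_None). Syslog omits the year, so it is passed in."""
    for line in lines:
        for rx in PATTERNS:
            m = rx.match(line.strip())
            if m:
                ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
                yield ts, m["ip"], m.groupdict().get("banner")
                break

def find_scanners(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: {"peak", "banners"}} for sources whose peak count in one window >= threshold."""
    stamps, banners = defaultdict(list), defaultdict(set)
    for ts, ip, banner in parse(lines):
        stamps[ip].append(ts)
        banners[ip].add(banner)
    flagged = {}
    for ip, times in stamps.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            seen = sorted(b for b in banners[ip] if b)  # drop None from bannerless events
            flagged[ip] = {"peak": peak, "banners": seen}
    return flagged

# Constructed sample: 192.0.2.10 makes 12 events within 12 seconds, 198.51.100.7 makes 2 hours apart.
SAMPLE = [f"Jun 25 16:10:{s:02d} host1 sshd[{26000 + s}]: Did not receive "
          f"identification string from 192.0.2.10" for s in range(11)]
SAMPLE += [
    "Jun 25 16:10:11 host1 sshd[26011]: scanned from 192.0.2.10 with SSH-1.0-SSH_Version_Mapper. Don't panic.",
    "Jun 25 16:12:00 host1 sshd[26100]: Did not receive identification string from 198.51.100.7",
    "Jun 25 18:40:00 host1 sshd[26200]: Did not receive identification string from 198.51.100.7",
]

if __name__ == "__main__": print(find_scanners(SAMPLE))
```

Only the source that reaches the threshold inside one window is reported, together with any client banner sshd logged for it.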

