[VulnWatch] Proof of Concept Code for OpenSSH

From: gobbles@hushmail.com
Date: 07/01/02


From: gobbles@hushmail.com
To: submissions@packetstormsecurity.com, vulnwatch@vulnwatch.org, bugtraq@securityfocus.com, alan@redhat.com, jesus@jesus.com, dugsong@monkey.org
Date: Mon,  1 Jul 2002 10:32:00 -0700



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remote OpenSSH exploit for 2.9.9-3.3.

Check out our official mirror while we work on the bugtraq.org hosting situation, http://www.immunitysec.com/GOBBLES/ (thanks bob!), we have a new comic posted and some other miscellaneous stuff.

If you haven't patched your sshd yet, you're probably running OpenBSD.

- -GOBBLES Security
"For the love of God, we won't shut up."
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlwEARECABwFAj0gkUAVHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAP6S0A
n3e3SbTXYt8NbFeKFGcw5tK5Kjk0AKCiOBoaEu/hQ7ryuaJO3KZIB9ae+w==
=X4Ou
-----END PGP SIGNATURE-----









Relevant Pages

  • Proof of Concept Code for OpenSSH
    ... If you haven't patched your sshd yet, you're probably running OpenBSD. ... - -GOBBLES Security ... "For the love of God, ...
    (Bugtraq)
  • Re: SSHD revelaing too much information.
    ... He *is* the FreeBSD Security Officer. ... you still need to be sure that students' machines don't get ... client can activate a workaround when it connects to a broken sshd. ...
    (FreeBSD-Security)
  • Re: SSHD reconfig
    ... run sshd on some port other than 22, ... Multiple layers of security are better. ... Apple, you mangled it. ...
    (comp.sys.mac.system)
  • Re: Adacrypt.com - Article
    ... it would immediately turn the ... It is no security to wicked men for one moment, ... Unconverted men walk over the pit of hell on a rotten ... God has so many different unsearchable ways of taking ...
    (sci.crypt)
  • Re: starting ssh from inetd
    ... which tends to enhance security. ... >security hole in a particular implementation of inetd, ... Are you saying sshd is insecure when running stand alone and that it ... running sshd through inetd does not simplify the programming ...
    (comp.security.ssh)