exploit signature - /bin/login

From: Gordon Ewasiuk (gewasiuk@gnmc.net)
Date: 12/17/01

Previous message: Stephen Pinto: "Openssh rollout on solaris 7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 17 Dec 2001 13:32:35 -0500 (EST)
From: Gordon Ewasiuk <gewasiuk@gnmc.net>
To: <focus-sun@securityfocus.com>

Hi Focus-Sun,

Does anyone know what an attempt to exploit this bug would look like?
Failed or unusual login attempts? Is anything logged via syslog? With
debug logging enabled? Can a signature be created for Snort?

-gordo

Previous message: Stephen Pinto: "Openssh rollout on solaris 7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: htt_server message "status has not been enabled yet"
... > Ken Yip wrote: ... Sorry, this is bug 135284: ... I assume you're using iiimf for input, but if not you could turn off ... the iiim service to avoid the messages to syslog. ...
(Fedora)
AW: Problem with SMB mounts and Kernel 2.6.x
... > I haven't found a current bug report yet, ... > hanging processes problem under load however does affect the ... > test-system was a fresh sarge install. ... > in syslog, which is worrying me a bit, but I haven't noticed ...
(Debian-User)
Re: Oops 2.6.23.1 in ext3+jbd at journal_put_journal_head
... Had to cycle power to get it back and see this Oops in the syslog: ... : BUG: unable to handle kernel paging request at virtual address 430a7261 ...
(Linux-Kernel)
Re: Strange sshd message in /var/log/messages: sshd: ^[[60G
... that's true is a redhat syslog entry is the OK! ... >> Is it a known bug that has been fixed in a newer OpenSSH version? ...
(SSH)
Re: Red Hat 7.1 rpc.statd problem
... Fyodor wrote: ... > because originally the bug was simple ... So if someone has written a bad syslog implementation, ... such a scary entry into the log files. ...
(Vuln-Dev)