Re: SSH 4.3 dos question

From: M.B.Jr. <marcio.barbado@xxxxxxxxx>
Date: Sat, 24 Feb 2007 14:36:36 -0300

Most of those published vulnerabilities are context-specific.

Simulate it first (Xen, VMware, whatever) changing its variables.

My guessing is that you need to perform the attack when an ssh channel
is already established. Have you tried this?

Regards,

On 2/22/07, Francois Yang <francois.y@xxxxxxxxx> wrote:

I'm evaluating a friends server and I noticed that he had a vulnerable
version of SSH.
Nmap result;
22/tcp open ssh OpenSSH 4.3 (protocol 1.99)

According to security focus it is vulnerable to a DOS attack.
http://www.securityfocus.com/bid/20216/info
cve - CVE-2006-4924

When I run the script from millw0rm which is suppose to cause the DOS
nothing happens.
The scripts runs fine saying that it worked, but the server doesn't
seem to be affected.
http://milw0rm.com/exploits/2444

Any ideas?

thanks.

--
If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the technology.
Bruce Schneier

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

--
Marcio Barbado, Jr.
==============
==============

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

References:
- SSH 4.3 dos question
  - From: Francois Yang

Prev by Date: RE: Ethical hacker article published
Next by Date: RE: DNS mapping
Previous by thread: SSH 4.3 dos question
Next by thread: Re: SSH 4.3 dos question
Index(es):
- Date
- Thread

Relevant Pages

Re: tools to scan source code
... to create a static source code analyser for ASP.net ... app vulnerabilities have a different structure than the vulnerabilities ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
RE: Testing the user community
... Good luck, Kurt, I would be interested to hear how you go about it and ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: Generating awareness amongst IT staff
... you might using Live hacking demo or just ... to create password hack using Ophcrack and run it during ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: Mile2 Training (Certifications)
... I took a Mile2 PenTest intro class early last summer. ... all the vulnerabilities exploited were "low-hanging ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
(Pen-Test)
Re: Generating awareness amongst IT staff
... a test server. ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
(Pen-Test)