Re: SSH 4.3 dos question
- From: earle.david@xxxxxxxxx
- Date: 25 Feb 2007 02:45:54 -0000
The obvious two considerations are:
1. Is OpenSSH configured to accept SSH version one traffic? I'm not up on SSH, but you might be able to test this with a connection attempt for an older version.
2. What hardware is the system running? Even if the system is vulnerable, the vulnerability description only says that a DOS is possible. A high-end CPU or processing limits placed on the service could cause you some problems.
Beyond that, you may want to vet the exploit code to ensure that it's doing what it says its doing. From glancing at it it looks fine, but you do see a lot of vulnerabilities that are subtly edited to simply not work, at least if you don't tweak them appropriately.
Good luck with your testing!
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- Prev by Date: question on escalating privileges via suid vulnerabilities
- Next by Date: Re: Penetration Testing Framework 0.24 released
- Previous by thread: Re: SSH 4.3 dos question
- Next by thread: Penetration Testing Framework 0.24 released
- Index(es):
Relevant Pages
|
|
