Re: SSH2 Exploit?

From: Steve Wright (stevew@cwazy.co.uk)
Date: 03/07/02 

From: Steve Wright <stevew@cwazy.co.uk>
To: vuln-dev@securityfocus.com
Date: Thu, 7 Mar 2002 15:08:58 +0000

Just wondering if anyone knows more about this;
http://www.pine.nl/advisories/pine-cert-20020301.txt

( OpenSSH versions 2.0 - 3.0.2, Existing users will gain root privileges )

> On Tue, 26 Feb 2002, John Compton wrote:
> > Hi,
> >
> > I recently had a break-in on a redhat linux system. The attacker
> > installed what appears to be torn kit, but there was one thing which
> > caught my attention. I found a binary named "sshex" on the compromised
> > system. I guess this is the exploit used to break in cause most of the
> > servers here are kept up-to-date. The system was being used to actively
> > scan for ssh servers.
> >
> > [root@testbox ]# ./sshex
> >
> > 7350ylonen - x86 ssh2 <= 3.1.0 exploit
> > dream team teso
> > usage: 7350ylonen [-hd] <-p port> <-t target> <-d packet_delay> host
> >
> > RH 7.x - SSH-2.0-3.x SSH Secure Shell
> > RH 7.x - SSH-2.0-2.x SSH Secure Shell
> > RH 6.x - SSH-2.0-2.x SSH Secure Shell
> > Slack 8.0 - SSH-2.0-3.x SSH Secure Shell
> > SuSE-7.3 - SSH-2.0-3.x SSH Secure Shell
> > FreeBSD 4.3 - SSH-2.0-3.x SSH Secure Shell
> > FreeBSD 4.3 - SSH-2.0-2.x SSH Secure Shell
> >
> > It tries to connect to port 22 when I target localhost, but I can't tell
> > if sshd is crashing or not as I can't use gdb to attach to the process in
> > time. The only SSH vulnerabilities I could find affected SSH1 servers, or
> > OpenSSH. Has anyone else found this exploit on their systems or know
> > something about it?
> >
> > _________________________________________________________________
> > Send and receive Hotmail on your mobile device: http://mobile.msn.com

Quantcast