sshd exploit.

From: Luke Vogel (luke@bell-bird.com.au)
Date: 03/30/02

  • Next message: Luke Vogel: "Re: ftp scanning"

    From: Luke Vogel <luke@bell-bird.com.au>
    Date: Sat, 30 Mar 2002 17:32:19 +1000
    
    

    I've been trying to have an in-depth look at the sshd crc32 compensation
    attack exploit, but I cant seen to locate a copy of the "actual" exploit
    anywhere.

    I have found source that patches the ssh client to allow the exploit
    work, but I cant find the actual engine of the exploit. Specifically
    I'd like to get hold of the "zip/TESO" exploit.

    Have any of you found a copy in the wild? If so would you mind
    e-mailing me a copy so that I can do some forensics ... I'd like to know
    exactly how it works.

    -- 
    Regards
    Luke
    ------
    Q:  What does FAQ stand for?
    A:  We are Frequently Asked this Question, and we have no idea.
    ------
    C.O.L.S FAQ - http://www.linuxsecurity.com/docs/colsfaq.html
    ------
    



    Relevant Pages

    • Re: Quick opinion poll regarding Bass multiple "PR" posts
      ... He does not attack or flame those who have not attacked him.... ... The "PR" posts should be limited to a single item and one that has relevance to the *industry*. ... The FAQ is just like homeowner deed restrictions. ... I've seen Robert run roughshod over a number of individuals here. ...
      (alt.security.alarms)
    • Re: Politics in science fiction
      ... majority of people reading said posting immediately go on the ... attack and that last sentence in the FAQ is not an idle ...
      (rec.arts.sf.written)
    • Re: Any style file to convert number to word?
      ... Peter Flynn writes: ... I agree that this should be added to FAQ. ... impossible to answer in a narrative style, such as the faq offers by ... one can attack such problems in the faq, ...
      (comp.text.tex)
    • Re: Nobody proposing new uk newsgroups - why ?
      ... there is an attack on uk.rec.gardening. ... |Might it be time to put together a quick FAQ on how to use filtering ... |for various flavours of newsreader? ...
      (uk.net.news.config)