From owner-freebsd-security Wed Nov 4 10:49:58 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id KAA09882
        for freebsd-security-outgoing; Wed, 4 Nov 1998 10:49:58 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA09872
        for ; Wed, 4 Nov 1998 10:49:54 -0800 (PST)
        (envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost)
        by shell6.ba.best.com (8.9.0/8.9.0/best.sh) id KAA02420;
        Wed, 4 Nov 1998 10:48:45 -0800 (PST)
Message-ID: <19981104104845.A1532@best.com>
Date: Wed, 4 Nov 1998 10:48:45 -0800
From: "Jan B. Koum "
To: agora@uol.com.br, FreeBSD Security
Cc: Cristiano Colpani , Guilherme Galileo Cox , "Nilson R. A. de Brito"
Subject: Re: [Fwd: SSHD Exploit]
References: <364054DC.DF96B116@agoractvm.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 0.93.2i
In-Reply-To: =?iso-8859-1?Q?=3C364054DC=2EDF96B116=40agoractvm=2Ecom=2Ebr=3E=3B_from_?=
        =?iso-8859-1?Q?Teleinform=E1tica_on_Wed=2C_Nov_04=2C_1998_at_11:21:32AM_?=
        =?iso-8859-1?Q?-0200?=
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Nov 04, 1998 at 11:21:32AM -0200, Teleinformática wrote:
>
>
> --
> Regards,
> _______________________
> | Nelson 'Stderr' Brito |_________________________________
> |_________________________________________________________|
> |Finger Print: | A2E0 D90E 413A 515A 10C9 C0CE 4855 D523 |
> | E-mail: | nelson@cyberspace.org |
> | URL: | http://www.angelfire.com/sd/stderr |
> | Public key: | See the URL |
> |______________|__________________________________________|
> |ooooooooooooooooooooooooooooooooooooooooooooooooooooooooo|
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Received: by pascal (mbox agora)
>  (with Cubic Circle's cucipop (v1.22 1998/04/11) Wed Nov 4 09:24:47 1998)
> X-From_: root Wed Nov 4 01:08:10 1998
> Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143])
>  by pascal.uol.com.br (8.9.1/8.9.1) with ESMTP id BAA12002;
>  Wed, 4 Nov 1998 01:08:03 -0200 (EDT)
> Received: from netspace.org ([128.148.157.6]:54856 "EHLO netspace.org" ident: "TIMEDOUT2") by brimstone.netspace.org with ESMTP id <77774-27536>; Tue, 3 Nov 1998 21:37:34 -0500
> Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8c) with
>  spool id 4569238 for BUGTRAQ@NETSPACE.ORG; Tue, 3 Nov 1998 21:30:42
>  -0500
> Approved-By: aleph1@DFW.NET
> Received: from gti.net (apollo.gti.net [199.171.27.7]) by netspace.org
>  (8.8.7/8.8.7) with ESMTP id RAA18872 for ; Sun,
>  1 Nov 1998 17:05:06 -0500
> Received: from localhost (jfoutts@localhost) by gti.net (8.9.1/8.8.8) with
>  ESMTP id RAA24814 for ; Sun, 1 Nov 1998
>  17:05:07 -0500 (EST)
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Message-ID:
> Date: Sun, 1 Nov 1998 17:05:07 -0500
> Reply-To: Justin Foutts
> Sender: Bugtraq List
> From: Justin Foutts
> Subject: SSHD Exploit
> To: BUGTRAQ@netspace.org
> X-Mozilla-Status2: 00000000
>
> On a system I administer I found a program named sshdwarez.c in one of my
> user's home directories. Upon further inspection I found that this was
> the source code of an x86/Linux remote buffer overflow exploit for sshd
> versions 1.2.26 and below. I have tested this exploit on a number of my
> systems and have obtained remote root access on each one. I will not post
> this exploit as it could give crackers a tool to gain unauthorized access
> to systems. I STRONGLY recommend that everyone upgrade their versions of
> sshd as soon as possible.
>
> Thanks!
> Justin
>

[quoting a1]

Date: Wed, 4 Nov 1998 11:22:08 -0600
From: Aleph One
Subject: Re: SSHD Exploit
To: BUGTRAQ@netspace.org

This one was a fake folks. Little kids having their fun. Apologies for
approving it. It was a long day.

All persons that have examined the ssh code so far have found it to be
secure (so far). If you require a safety net to sleep well at night while
running sshd I recommend you recompile it with the StackGuard compiler (if
you are running on a x86 or want to port it).

http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

[end]

Can we let all the SSH threads die now?!?! Please? :)

-- Yan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message