Date: Wed, 28 Nov 2001 20:49:39 -0700 From: Colin Faber <cfaber@fpsn.net> To: 00 <x2s500y@sekurity.net> Cc: Chris Byrnes <chris@JEAH.net>, security@FreeBSD.ORG Subject: Re: sshd exploit? Message-ID: <3C05B053.C43AC84E@fpsn.net> References: <007201c17887$c7ac4b00$0100000a@001>
next in thread | previous in thread | raw e-mail | index | archive | help
Does this expliot effect all sshd's or can it be stopped with wrappers 00 wrote: > > Yes, your friend is right, I'm not sure of the specifics, but I have a copy > of the exploit and it has only been released in binary form. OpenBSD's > OpenSSH team or no other SSH development group has yet to make a formal > statement, most likely due to the fact they don't know what the vunerability > is as of yet so they don't want to spark a fire. The vunerability is a > great threat because it is remote and root compromisable. The exploit scans > a listing of addresses, and when it find a host it just drops to a > rootshell. > -----Original Message----- > From: Chris Byrnes <chris@JEAH.net> > To: security@freebsd.org <security@freebsd.org> > Date: Wednesday, November 28, 2001 4:23 PM > Subject: sshd exploit? > > >A colleague sent me a very vague e-mail, telling me that I should 'disable > >SSHD now' because of a 'private exploit being circulated since Saturday'. > > > >Anyone know anything about this? > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C05B053.C43AC84E>