From owner-freebsd-security  Wed Nov 28 19:50:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.fpsn.net (mail.fpsn.net [63.224.69.57])
	by hub.freebsd.org (Postfix) with ESMTP id 45E7F37B417
	for <security@FreeBSD.ORG>; Wed, 28 Nov 2001 19:50:15 -0800 (PST)
Received: from fpsn.net (control.fpsn.net [63.224.69.60])
	(authenticated)
	by mail.fpsn.net (8.11.6/8.11.6) with ESMTP id fAT3o2p52379;
	Wed, 28 Nov 2001 20:50:03 -0700 (MST)
Message-ID: <3C05B053.C43AC84E@fpsn.net>
Date: Wed, 28 Nov 2001 20:49:39 -0700
From: Colin Faber <cfaber@fpsn.net>
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: 00 <x2s500y@sekurity.net>
Cc: Chris Byrnes <chris@JEAH.net>, security@FreeBSD.ORG
Subject: Re: sshd exploit?
References: <007201c17887$c7ac4b00$0100000a@001>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Does this expliot effect all sshd's or can it be stopped with wrappers

00 wrote:
> 
> Yes, your friend is right, I'm not sure of the specifics, but I have a copy
> of the exploit and it has only been released in binary form.  OpenBSD's
> OpenSSH team or no other SSH development group has yet to make a formal
> statement, most likely due to the fact they don't know what the vunerability
> is as of yet so they don't want to spark a fire.  The vunerability is a
> great threat because it is remote and root compromisable.  The exploit scans
> a listing of addresses, and when it find a host it just drops to a
> rootshell.
> -----Original Message-----
> From: Chris Byrnes <chris@JEAH.net>
> To: security@freebsd.org <security@freebsd.org>
> Date: Wednesday, November 28, 2001 4:23 PM
> Subject: sshd exploit?
> 
> >A colleague sent me a very vague e-mail, telling me that I should 'disable
> >SSHD now' because of a 'private exploit being circulated since Saturday'.
> >
> >Anyone know anything about this?
> >
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message