Date: Wed, 28 Nov 2001 22:00:54 -0700 From: Brett Glass <brett@lariat.org> To: "00" <x2s500y@sekurity.net>, "Chris Byrnes" <chris@JEAH.net>, <security@FreeBSD.ORG> Subject: Re: sshd exploit? Message-ID: <4.3.2.7.2.20011128220001.0465ccc0@localhost> In-Reply-To: <007201c17887$c7ac4b00$0100000a@001>
next in thread | previous in thread | raw e-mail | index | archive | help
At 08:41 PM 11/28/2001, 00 wrote: >Yes, your friend is right, I'm not sure of the specifics, but I have a copy >of the exploit and it has only been released in binary form. OpenBSD's >OpenSSH team or no other SSH development group has yet to make a formal >statement, most likely due to the fact they don't know what the vunerability >is as of yet so they don't want to spark a fire. The vunerability is a >great threat because it is remote and root compromisable. The exploit scans >a listing of addresses, and when it find a host it just drops to a >rootshell. On which versions of SSH or OpenSSH has this been tested? We may need to shut down a series of hosts if this is for real and not just an ugly rumor. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20011128220001.0465ccc0>