Date: Fri, 30 Nov 2001 01:39:39 -0800 From: Erick Mechler <emechler@techometer.net> To: bsd-sec@boneyard.lawrence.ks.us Cc: freebsd-security@FreeBSD.ORG Subject: Re: sshd exploit Message-ID: <20011130013939.Q67199@techometer.net> In-Reply-To: <Pine.BSF.4.10.10111300105070.99377-100000@madeline.boneyard.lawrence.ks.us>; from bsd-sec@boneyard.lawrence.ks.us on Fri, Nov 30, 2001 at 01:30:57AM -0600 References: <20011129012235.U6446-100000@achilles.silby.com> <Pine.BSF.4.10.10111300105070.99377-100000@madeline.boneyard.lawrence.ks.us>
next in thread | previous in thread | raw e-mail | index | archive | help
:: > The CRC bug was fixed in 2.3.0, which was merged into -stable before the :: > release of freebsd 4.3. If 3.0.1's giving you any enhanced immunity, it's :: > to a bug which has not yet been announced. :: > :: > If there _is_ a new bug, and it follows the decription in the url posted :: > earlier in the thread, it's probably also SSHv1 related, and can be :: [...] :: :: Perhaps so. However, at the univeristy department where I work, RH Linux lab :: machines running both 2.5.x and 2.9.x versions of OpenSSH were indeed :: compromised while running ssh version 1. [snip] This is, and someone correct me if I'm wrong, not what everyone else's experience has been with the crc32 attack in SSHv1. According to all reports I've read, including the long, detailed message sent by the Security Officer to this same list entitled "Lack of evidence for new SSH vulnerability" a few hours before yours, this bug was fixed in 2.3.0. Instead of attempting to cause more panic, care to send us more info? Did the cracked boxes exhibit the same characteristics as those described in Dittrich's analysis? Can anybody else on this list either verify or deny the claims made here? Stephen, please don't think I'm picking on you, I just want to make sure that we're not all talking about the same exploit. Cheers - Erick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011130013939.Q67199>