From owner-freebsd-questions Tue Oct 30 13:14:30 2001 Delivered-To: freebsd-questions@freebsd.org Received: from wingerboy.sonic.net (fw.office.sonic.net [209.204.177.119]) by hub.freebsd.org (Postfix) with ESMTP id 838E637B401 for ; Tue, 30 Oct 2001 13:14:27 -0800 (PST) Date: Tue, 30 Oct 2001 13:13:48 -0800 From: Kelsey Cummings To: Edwin Groothuis Cc: freebsd-questions@FreeBSD.ORG Subject: Re: SSH exploits? Message-ID: <20011030131348.T42541@sonic.net> References: <20011030121502.N42541@sonic.net> <20011031080900.G35710@k7.mavetju.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20011031080900.G35710@k7.mavetju.org>; from edwin@mavetju.org on Wed, Oct 31, 2001 at 08:09:00AM +1100 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Oct 31, 2001 at 08:09:00AM +1100, Edwin Groothuis wrote: > On Tue, Oct 30, 2001 at 12:15:02PM -0800, Kelsey Cummings wrote: > > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html > > > > Looks like there is another ssh exploit. Our experience is > > showing that the script kiddies have tools for this already. > > Yes, besides that the date on it is Februari 2001 and that (at > least 4.3, don't know about 4.2) have OpenSSH 2.3.0 already. Don't know how this one slipped under are radar... So it goes. -- Kelsey Cummings - kgc@sonic.net sonic.net System Administrator 300 B Street, Ste 101 707.522.1000 (Voice) Santa Rosa, CA 95404 707.547.2199 (Fax) http://www.sonic.net/ Fingerprint = 7F 59 43 1B 44 8A 0D 57 91 08 73 73 7A 48 90 C5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message