Date: Wed, 4 Nov 1998 10:48:45 -0800 From: "Jan B. Koum " <jkb@best.com> To: agora@uol.com.br, FreeBSD Security <freebsd-security@FreeBSD.ORG> Cc: Cristiano Colpani <colpani@furb.rct-sc.br>, Guilherme Galileo Cox <cox@ibrati.com.br>, "Nilson R. A. de Brito" <niusin@montreal.com.br> Subject: Re: [Fwd: SSHD Exploit] Message-ID: <19981104104845.A1532@best.com> In-Reply-To: =?iso-8859-1?Q?=3C364054DC=2EDF96B116=40agoractvm=2Ecom=2Ebr=3E=3B_from_?= =?iso-8859-1?Q?Teleinform=E1tica_on_Wed=2C_Nov_04=2C_1998_at_11:21:32AM_?= =?iso-8859-1?Q?-0200?= References: <364054DC.DF96B116@agoractvm.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 04, 1998 at 11:21:32AM -0200, Teleinformática <agora@uol.com.br> wrote: > > > -- > Regards, > _______________________ > | Nelson 'Stderr' Brito |_________________________________ > |_________________________________________________________| > |Finger Print: | A2E0 D90E 413A 515A 10C9 C0CE 4855 D523 | > | E-mail: | nelson@cyberspace.org | > | URL: | http://www.angelfire.com/sd/stderr | > | Public key: | See the URL | > |______________|__________________________________________| > |ooooooooooooooooooooooooooooooooooooooooooooooooooooooooo| > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Received: by pascal (mbox agora) > (with Cubic Circle's cucipop (v1.22 1998/04/11) Wed Nov 4 09:24:47 1998) > X-From_: root Wed Nov 4 01:08:10 1998 > Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143]) > by pascal.uol.com.br (8.9.1/8.9.1) with ESMTP id BAA12002; > Wed, 4 Nov 1998 01:08:03 -0200 (EDT) > Received: from netspace.org ([128.148.157.6]:54856 "EHLO netspace.org" ident: "TIMEDOUT2") by brimstone.netspace.org with ESMTP id <77774-27536>; Tue, 3 Nov 1998 21:37:34 -0500 > Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8c) with > spool id 4569238 for BUGTRAQ@NETSPACE.ORG; Tue, 3 Nov 1998 21:30:42 > -0500 > Approved-By: aleph1@DFW.NET > Received: from gti.net (apollo.gti.net [199.171.27.7]) by netspace.org > (8.8.7/8.8.7) with ESMTP id RAA18872 for <BUGTRAQ@NETSPACE.ORG>; Sun, > 1 Nov 1998 17:05:06 -0500 > Received: from localhost (jfoutts@localhost) by gti.net (8.9.1/8.8.8) with > ESMTP id RAA24814 for <BUGTRAQ@NETSPACE.ORG>; Sun, 1 Nov 1998 > 17:05:07 -0500 (EST) > MIME-Version: 1.0 > Content-Type: TEXT/PLAIN; charset=US-ASCII > Message-ID: <Pine.GSO.4.04.9811011657440.24326-100000@apollo.gti.net> > Date: Sun, 1 Nov 1998 17:05:07 -0500 > Reply-To: Justin Foutts <jfoutts@APOLLO.GTI.NET> > Sender: Bugtraq List <BUGTRAQ@netspace.org> > From: Justin Foutts <jfoutts@APOLLO.GTI.NET> > Subject: SSHD Exploit > To: BUGTRAQ@netspace.org > X-Mozilla-Status2: 00000000 > > On a system I administer I found a program named sshdwarez.c in one of my > user's home directories. Upon further inspection I found that this was > the source code of an x86/Linux remote buffer overflow exploit for sshd > versions 1.2.26 and below. I have tested this exploit on a number of my > systems and have obtained remote root access on each one. I will not post > this exploit as it could give crackers a tool to gain unauthorized access > to systems. I STRONGLY recommend that everyone upgrade their versions of > sshd as soon as possible. > > Thanks! > Justin > [quoting a1] Date: Wed, 4 Nov 1998 11:22:08 -0600 From: Aleph One <aleph1@DFW.NET> Subject: Re: SSHD Exploit To: BUGTRAQ@netspace.org This one was a fake folks. Little kids having their fun. Apologies for approving it. It was a long day. All persons that have examined the ssh code so far have found it to be secure (so far). If you require a safety net to sleep well at night while running sshd I recommend you recompile it with the StackGuard compiler (if you are running on a x86 or want to port it). http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/ Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 [end] Can we let all the SSH threads die now?!?! Please? :) -- Yan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981104104845.A1532>