Date:      Wed, 4 Nov 1998 10:48:45 -0800
From:      "Jan B. Koum " <jkb@best.com>
To:        agora@uol.com.br, FreeBSD Security <freebsd-security@FreeBSD.ORG>
Cc:        Cristiano Colpani <colpani@furb.rct-sc.br>, Guilherme Galileo Cox <cox@ibrati.com.br>, "Nilson R. A. de Brito" <niusin@montreal.com.br>
Subject:   Re: [Fwd: SSHD Exploit]
Message-ID:  <19981104104845.A1532@best.com>
In-Reply-To: <364054DC.DF96B116@agoractvm.com.br>; from Teleinformática on Wed, Nov 04, 1998 at 11:21:32AM -0200
References:  <364054DC.DF96B116@agoractvm.com.br>

On Wed, Nov 04, 1998 at 11:21:32AM -0200, Teleinformática <agora@uol.com.br> wrote:
> 
> 
> --
> Regards,
>  _______________________
> | Nelson 'Stderr' Brito |_________________________________
> |_________________________________________________________|
> |Finger Print: | A2E0 D90E 413A 515A  10C9 C0CE 4855 D523 |
> |   E-mail:    |        nelson@cyberspace.org             |
> |    URL:      |   http://www.angelfire.com/sd/stderr     |
> | Public key:  |             See the URL                  |
> |______________|__________________________________________|
> |ooooooooooooooooooooooooooooooooooooooooooooooooooooooooo|
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 

> Received: by pascal (mbox agora)
>  (with Cubic Circle's cucipop (v1.22 1998/04/11) Wed Nov  4 09:24:47 1998)
> X-From_: root  Wed Nov  4 01:08:10 1998
> Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143])
> 	by pascal.uol.com.br (8.9.1/8.9.1) with ESMTP id BAA12002;
> 	Wed, 4 Nov 1998 01:08:03 -0200 (EDT)
> Received: from netspace.org ([128.148.157.6]:54856 "EHLO netspace.org" ident: "TIMEDOUT2") by brimstone.netspace.org with ESMTP id <77774-27536>; Tue, 3 Nov 1998 21:37:34 -0500
> Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8c) with
>           spool id 4569238 for BUGTRAQ@NETSPACE.ORG; Tue, 3 Nov 1998 21:30:42
>           -0500
> Approved-By: aleph1@DFW.NET
> Received: from gti.net (apollo.gti.net [199.171.27.7]) by netspace.org
>           (8.8.7/8.8.7) with ESMTP id RAA18872 for <BUGTRAQ@NETSPACE.ORG>; Sun,
>           1 Nov 1998 17:05:06 -0500
> Received: from localhost (jfoutts@localhost) by gti.net (8.9.1/8.8.8) with
>           ESMTP id RAA24814 for <BUGTRAQ@NETSPACE.ORG>; Sun, 1 Nov 1998
>           17:05:07 -0500 (EST)
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Message-ID: <Pine.GSO.4.04.9811011657440.24326-100000@apollo.gti.net>
> Date: 	Sun, 1 Nov 1998 17:05:07 -0500
> Reply-To: Justin Foutts <jfoutts@APOLLO.GTI.NET>
> Sender: Bugtraq List <BUGTRAQ@netspace.org>
> From: Justin Foutts <jfoutts@APOLLO.GTI.NET>
> Subject:      SSHD Exploit
> To: BUGTRAQ@netspace.org
> X-Mozilla-Status2: 00000000
> 
> On a system I administer I found a program named sshdwarez.c in one of my
> user's home directories.  Upon further inspection I found that this was
> the source code of an x86/Linux remote buffer overflow exploit for sshd
> versions 1.2.26 and below.  I have tested this exploit on a number of my
> systems and have obtained remote root access on each one.  I will not post
> this exploit as it could give crackers a tool to gain unauthorized access
> to systems.  I STRONGLY recommend that everyone upgrade their versions of
> sshd as soon as possible.
> 
> Thanks!
> Justin
> 
[quoting a1]
Date:   Wed, 4 Nov 1998 11:22:08 -0600                                          
From: Aleph One <aleph1@DFW.NET>                                                
Subject:      Re: SSHD Exploit                                        
To: BUGTRAQ@netspace.org                                                      
    
This one was a fake folks. Little kids having their fun. Apologies for          
approving it. It was a long day.                                            
    
All persons that have examined the ssh code so far have found it to be          
secure (so far). If you require a safety net to sleep well at night while       
running sshd I recommend you recompile it with the StackGuard compiler          
(if you are running on a x86 or want to port it).                               
    
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/                        
    
Aleph One / aleph1@dfw.net                                                      
http://underground.org/                                                        
KeyID 1024/948FD6B5                                                             
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01                    
[end]

	Can we let all the SSH threads die now?!?! Please? :)

-- Yan
