Date: Sun, 2 Dec 2001 22:42:13 +0100 From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl> To: slamdunk <slamdunk@neophile.net>, security@freebsd.org Subject: Re: Is this an attempt on SSH hack? Message-ID: <200112022142.fB2LgDf52204@mailhost.freebsd.lublin.pl> In-Reply-To: <5.1.0.14.2.20011202213039.00a99d88@mail.btinternet.com> References: <5.1.0.14.2.20011202213039.00a99d88@mail.btinternet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday 02 December 2001 22:39, slamdunk wrote: > Dec 2 01:02:45 www sshd[15029]: fatal: Local: Corrupted Yes, this is attempt to exploit remote CRC32 integer overflow. Probably it wasn't successful if logs were not removed. > Running SSH Version OpenSSH-1.2.2, protocol version 1.5. > Compiled with SSL. > Need I be worried? This version of OpenSSH is definitely vulnerable, but circulating exploits probably doesn't 'support' it. Please upgrade as soon as possible to at least OpenSSH 2.3.0. -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112022142.fB2LgDf52204>