Date: Thu, 7 Mar 2002 20:02:22 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Alex Popa <razor@ldc.ro>
Cc: freebsd-security@freebsd.org
Subject: Re: ssh version string
Message-ID: <20020308020222.GB41852@hellblazer.nectar.cc>
In-Reply-To: <20020308010728.A82325@ldc.ro>
References: <20020308010728.A82325@ldc.ro>

On Fri, Mar 08, 2002 at 01:07:28AM +0200, Alex Popa wrote:
> Hello. I finished a build/installworld on -stable a few hours ago, and
> I noticed that the ssh version string had not been bumped at the moment
> I did the cvsup, however the fix *is* in channels.c.
>
> next is output from ls; times are UTC+2
> -rw-r--r-- 1 root wheel 74727 Mar 7 19:11 channels.c
> -rw-r--r-- 1 root wheel 11705 Feb 3 16:29 channels.h
> -rw-r--r-- 1 root wheel 2061 Sep 28 04:33 version.c
> -rw-r--r-- 1 root wheel 431 Feb 3 16:29 version.h
>
> So I seem to have caught the moment between the updating of channels.c
> and version.h. [confirmed: a new cvsup changed just version.h, not the
> rest]

That's no surprise. For FreeBSD-CURRENT and FreeBSD-STABLE there were
large windows of time (approximately 2 and 1 days respectively) between
the update to channels.c and the update to version.h. For the security
branches, the window was only for a few seconds.

> This is useful to use as a honeypot-like system. I wonder if you could
> tell me what the signs of trying to exploit the (now fixed)
> vulnerability are, so I could pay extra care with those.

I cannot. There are no publicly available exploits at this time. I
suspect you'd see something similar to previous types of attacks ...
lots of sshd's dying as the exploit hunted for the right payload, but I
cannot be certain.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
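
The reply above guesses that exploitation attempts would show up as many sshd processes dying. One way to watch a honeypot's logs for that symptom, as an added example that is not part of the original message: it assumes the FreeBSD kernel's "exited on signal" log line format and an English locale for month names, and the log lines, host name and thresholds are constructed.

```python
import re
from datetime import datetime, timedelta

# Kernel message logged when a process dies on a signal (assumed format).
CRASH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+\S*kernel:\s+"
    r"pid\s+\d+\s+\(sshd\),\s+uid\s+\d+:\s+exited on signal\s+\d+"
)

def crash_bursts(lines, threshold=3, gap=timedelta(minutes=2), year=2002):
    """Group sshd signal exits into bursts and return the suspicious ones.

    Crashes no more than `gap` apart belong to one burst; bursts with at
    least `threshold` crashes are returned as (first, last, count).
    Syslog timestamps carry no year, so the caller supplies one.
    """
    bursts, current = [], []

    def flush():
        if len(current) >= threshold:
            bursts.append((current[0], current[-1], len(current)))

    for line in lines:
        m = CRASH_RE.match(line)
        if not m:
            continue  # not an sshd crash line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if current and ts - current[-1] > gap:
            flush()
            current = []
        current.append(ts)
    flush()
    return bursts

# Constructed sample: three sshd crashes within seconds, then an isolated
# one hours later, plus unrelated lines that must be ignored.
SAMPLE = """\
Mar  8 03:14:01 honeypot /kernel: pid 4711 (sshd), uid 0: exited on signal 11
Mar  8 03:14:03 honeypot sshd[4712]: Connection from 192.0.2.10 port 1042
Mar  8 03:14:04 honeypot /kernel: pid 4712 (sshd), uid 0: exited on signal 11
Mar  8 03:14:09 honeypot /kernel: pid 4715 (sshd), uid 0: exited on signal 10
Mar  8 09:30:00 honeypot /kernel: pid 5120 (sshd), uid 0: exited on signal 11
Mar  8 09:31:00 honeypot /kernel: pid 5121 (named), uid 53: exited on signal 6
""".splitlines()

if __name__ == "__main__":
    for first, last, count in crash_bursts(SAMPLE):
        print(f"{count} sshd crashes between {first} and {last}")
```

A single sshd crash is not reported; only a run of crashes close together is, which matches the pattern the reply describes.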