From owner-freebsd-security Wed Nov 28 19:40:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from pdn.net (pdn.net [206.139.32.1]) by hub.freebsd.org (Postfix) with ESMTP id ADBD037B416 for ; Wed, 28 Nov 2001 19:40:24 -0800 (PST) Received: from 001 (host-209-214-179-166.flo.bellsouth.net [209.214.179.166]) by pdn.net (8.8.7/8.8.7+Anti-Spam) with SMTP id WAA18358; Wed, 28 Nov 2001 22:40:14 -0500 Message-ID: <007201c17887$c7ac4b00$0100000a@001> From: "00" To: "Chris Byrnes" , Subject: Re: sshd exploit? Date: Wed, 28 Nov 2001 22:41:44 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes, your friend is right, I'm not sure of the specifics, but I have a copy of the exploit and it has only been released in binary form. OpenBSD's OpenSSH team or no other SSH development group has yet to make a formal statement, most likely due to the fact they don't know what the vunerability is as of yet so they don't want to spark a fire. The vunerability is a great threat because it is remote and root compromisable. The exploit scans a listing of addresses, and when it find a host it just drops to a rootshell. -----Original Message----- From: Chris Byrnes To: security@freebsd.org Date: Wednesday, November 28, 2001 4:23 PM Subject: sshd exploit? >A colleague sent me a very vague e-mail, telling me that I should 'disable >SSHD now' because of a 'private exploit being circulated since Saturday'. > >Anyone know anything about this? > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message