Message-ID: <3C05B053.C43AC84E@fpsn.net>
Date: Wed, 28 Nov 2001 20:49:39 -0700
From: Colin Faber
To: 00
Cc: Chris Byrnes, security@FreeBSD.ORG
Subject: Re: sshd exploit?
References: <007201c17887$c7ac4b00$0100000a@001>

Does this exploit affect all sshd's or can it be stopped with wrappers?

00 wrote:
>
> Yes, your friend is right, I'm not sure of the specifics, but I have a copy
> of the exploit and it has only been released in binary form. OpenBSD's
> OpenSSH team or no other SSH development group has yet to make a formal
> statement, most likely due to the fact they don't know what the vulnerability
> is as of yet so they don't want to spark a fire. The vulnerability is a
> great threat because it is remote and root compromisable. The exploit scans
> a listing of addresses, and when it finds a host it just drops to a
> rootshell.
> -----Original Message-----
> From: Chris Byrnes
> To: security@freebsd.org
> Date: Wednesday, November 28, 2001 4:23 PM
> Subject: sshd exploit?
>
> >A colleague sent me a very vague e-mail, telling me that I should 'disable
> >SSHD now' because of a 'private exploit being circulated since Saturday'.
> >
> >Anyone know anything about this?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message