From owner-freebsd-security Wed Nov 28 20:28:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-165-226-105.dsl.lsan03.pacbell.net [64.165.226.105]) by hub.freebsd.org (Postfix) with ESMTP id BF70A37B41A for ; Wed, 28 Nov 2001 20:28:48 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 5099066B27; Wed, 28 Nov 2001 20:28:48 -0800 (PST) Date: Wed, 28 Nov 2001 20:28:48 -0800 From: Kris Kennaway To: 00 Cc: Chris Byrnes , security@freebsd.org Subject: Re: sshd exploit? Message-ID: <20011128202848.C51646@xor.obsecurity.org> References: <007201c17887$c7ac4b00$0100000a@001> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="GZVR6ND4mMseVXL/" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <007201c17887$c7ac4b00$0100000a@001>; from x2s500y@sekurity.net on Wed, Nov 28, 2001 at 10:41:44PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --GZVR6ND4mMseVXL/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Nov 28, 2001 at 10:41:44PM -0500, 00 wrote: > Yes, your friend is right, I'm not sure of the specifics, but I have a copy > of the exploit and it has only been released in binary form. OpenBSD's > OpenSSH team or no other SSH development group has yet to make a formal > statement, most likely due to the fact they don't know what the vunerability > is as of yet so they don't want to spark a fire. The vunerability is a > great threat because it is remote and root compromisable. The exploit scans > a listing of addresses, and when it find a host it just drops to a > rootshell. Please forward a copy to security-officer@FreeBSD.org. We've only seen an exploit for the old vulnerability in OpenSSH 2.2.0, which obviously isn't that exciting :) Kris --GZVR6ND4mMseVXL/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8Bbl/Wry0BWjoQKURAkYdAKDebf3NZ2dJrLhCPtKGrVV3Z98g2QCfUo2o 1suwdQyv2r+pK67/ZBzS2NE= =QjSG -----END PGP SIGNATURE----- --GZVR6ND4mMseVXL/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message