From owner-freebsd-security Wed Nov 28 21:18:53 2001 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 7613F37B405 for ; Wed, 28 Nov 2001 21:18:50 -0800 (PST) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id WAA29372; Wed, 28 Nov 2001 22:18:32 -0700 (MST) Message-Id: <4.3.2.7.2.20011128221259.04665720@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 28 Nov 2001 22:18:29 -0700 To: "Mauro Dias" , From: Brett Glass Subject: Re: sshd exploit In-Reply-To: <009501c17893$b99415a0$0200a8c0@mdrjr.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 10:07 PM 11/28/2001, Mauro Dias wrote: >I readed the message about the sshd exploit >i have a binary copy of this exploit. >it's exploits ssh versions: >ssh-1.2.26 >ssh-1.2.27 >OpenSSH-2.2.0p1 I wonder if this is the same exploit mentioned by Dittrich and CERT -- the CRC32 compensation attack detector overflow in SSH1. If so, you can probably patch the hole temporarily by disabling version 1 of the protocol. You can then upgrade to eliminate the hole. 3.0.1p1 is said to be immune. It's what I've run ever since I first heard about the vulnerability. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message