From owner-freebsd-security  Wed Nov 28 21:18:53 2001
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id 7613F37B405
	for <security@FreeBSD.ORG>; Wed, 28 Nov 2001 21:18:50 -0800 (PST)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id WAA29372;
	Wed, 28 Nov 2001 22:18:32 -0700 (MST)
Message-Id: <4.3.2.7.2.20011128221259.04665720@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 28 Nov 2001 22:18:29 -0700
To: "Mauro Dias" <localhost@dsgx.org>, <security@FreeBSD.ORG>
From: Brett Glass <brett@lariat.org>
Subject: Re: sshd exploit
In-Reply-To: <009501c17893$b99415a0$0200a8c0@mdrjr.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

At 10:07 PM 11/28/2001, Mauro Dias wrote:
  
>I readed the message about the sshd exploit
>i have a binary copy of this exploit.
>it's exploits ssh versions:
>ssh-1.2.26
>ssh-1.2.27
>OpenSSH-2.2.0p1

I wonder if this is the same exploit mentioned by Dittrich and CERT --
the CRC32 compensation attack detector overflow in SSH1.

If so, you can probably patch the hole temporarily by disabling 
version 1 of the protocol. You can then upgrade to eliminate the hole.
3.0.1p1 is said to be immune. It's what I've run ever since I first heard 
about the vulnerability.

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message