Date:      Thu, 29 Nov 2001 13:34:46 -0600
From:      "Jacques A. Vidrine" <n@nectar.com>
To:        Brett Glass <brett@lariat.org>
Cc:        Kris Kennaway <kris@obsecurity.org>, "f.johan.beisser" <jan@caustic.org>, Mauro Dias <localhost@dsgx.org>, security@FreeBSD.ORG
Subject:   Re: sshd exploit
Message-ID:  <20011129133446.A23161@hellblazer.nectar.com>
In-Reply-To: <4.3.2.7.2.20011129113349.04722900@localhost>; from brett@lariat.org on Thu, Nov 29, 2001 at 11:46:50AM -0700
References:  <4.3.2.7.2.20011128225341.04672880@localhost> <4.3.2.7.2.20011128221259.04665720@localhost> <20011128214925.P16958-100000@localhost> <4.3.2.7.2.20011128225341.04672880@localhost> <20011128233947.C53604@xor.obsecurity.org> <4.3.2.7.2.20011129113349.04722900@localhost>

On Thu, Nov 29, 2001 at 11:46:50AM -0700, Brett Glass wrote:
> As Security Officer, have you run the exploit against 4.4-RELEASE to
> see how it behaves and if 4.4-RELEASE is immune? 

As a member of the FreeBSD Security Officer team, I have worked with
both the TESO and x2 exploits. Neither works against any version of
OpenSSH later than 2.2.0, which includes 4.4-RELEASE. Both programs
attack the CRC detector.

This doesn't prove that there is not yet another exploit program that
does, but so far we have only rumours.

> This is important, since 
> without a disassembly we do not know whether the exploit attacks this 
> vulnerability or a different (possibly related?) one. 

Who says we don't have a disassembly? Anyway, one doesn't need one to
determine what the exploit does when run, or how it affects arbitrary
versions of OpenSSH.

> We also do not know
> if the claimed fix was fully effective against all possible exploits.

We can never know that about this fix or any other, of course.
-- 
Jacques A. Vidrine <n@nectar.com>                   http://www.nectar.com/
NTT/Verio SME           .      FreeBSD UNIX      .        Heimdal Kerberos
jvidrine@verio.net      .   nectar@FreeBSD.org   .           nectar@kth.se
