Bugtraq mailing list archives

Re: SSH-1.2.27 & RSAREF2 exploit

From: speed () LINUX DPILINK COM (Speed)
Date: Wed, 15 Dec 1999 16:07:11 -0500


However, don't be complacent because this particular exploit is not Kid
Tested.  A quite functional exploit of this vulnerability has been around
since at least 1998 (and that is only to my knowledge).

Moral of the story: patch your system or get rid of sshd 1.2.2x

On Tue, 14 Dec 1999, [iso-8859-1] IvÃ¡n Arce wrote:

The exploit is more or less "script-kid-proof" since if it doesnt work a
bit of
debugging, coding and probably crypto skills are needed to make it work.

Current thread:

Re-release of Microsoft Security Bulletin MS99-046, (continued)
- - - Re-release of Microsoft Security Bulletin MS99-046 Microsoft Product Security (Dec 23)
    - BUG? Non-root user can configure traffic shaper (2.2.13) (fwd) Yuri Kuzmenko (Dec 24)
    - RealMedia Server 5.0 Crasher (rmscrash.c) bow (Dec 22)
    - Re: procmail / Sendmail - five bugs Casper Dik (Dec 23)
    - Re: SSH-1.2.27 & RSAREF2 exploit Wakko Ellington Warner-Warner III (Dec 15)
    - Recent postings about SCO UnixWare 7 Andrew Malcolm (Dec 15)
    - Re: SSH-1.2.27 & RSAREF2 exploit Iván Arce (Dec 15)
    - Oops, my apologies. Wakko Ellington Warner-Warner III (Dec 15)
    - IRCnet IRCD 2.0x Reboot Bug A Bloke (Dec 15)
    - Re: IRCnet IRCD 2.0x Reboot Bug Matus \ (Dec 15)
    - Re: SSH-1.2.27 & RSAREF2 exploit Speed (Dec 15)
  - Security Vulnerability in VVOS TGP Aleph One (Dec 14)
  - CERT Advisory CA-99.15 - Buffer Overflows in SSH Daemon and RSAREF2 Library Aleph One (Dec 14)