RE: Voluminous SSHd scanning; possible worm activity?

["Gommers, Joep" <JGommers () gfo nl>]

Uh, i need to correct myself on this. 2.0.x do can be exploited if it fals
back to v1 implementation vurn. for an old bug.

and 2.9.2 exploit is only a rumor. But they will have to be based on
something.

Cheers, joep

-----Oorspronkelijk bericht-----
Van: jon schatz [mailto:jon () divisionbyzero com]
Verzonden: woensdag 12 december 2001 1:58
Aan: Gommers, Joep
CC: Incidents List
Onderwerp: RE: Voluminous SSHd scanning; possible worm activity?


On Tue, 2001-12-11 at 05:12, Gommers, Joep wrote:
> Also SSH versions 2.0.x and 2.9.2 have not yet published exploit around.

wait, are you sure about this? is this a known issue (ie, UseLogin and
sftp), or is this based on something new? there have been rumors on many
lists (vuln-dev, focus-linux, etc) of such an exploit, which is quite
scary. do you have a reliable source on this?

-jon

-- 
jon () divisionbyzero com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus?: www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing." 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com