SSH2 Exploit?

["John Compton" <johny_compton () hotmail com>]

Hi,

I recently had a break-in on a redhat linux system.  The attacker installed 
what appears to be torn kit, but there was one thing which caught my 
attention. I found a binary named "sshex" on the compromised system.  I 
guess this is the exploit used to break in cause most of the servers here 
are kept up-to-date.  The system was being used to actively scan for ssh 
servers.

[root@testbox ]# ./sshex

7350ylonen - x86 ssh2 <= 3.1.0 exploit
dream team teso
usage: 7350ylonen [-hd] <-p port> <-t target> <-d packet_delay> host

RH 7.x - SSH-2.0-3.x SSH Secure Shell
RH 7.x - SSH-2.0-2.x SSH Secure Shell
RH 6.x - SSH-2.0-2.x SSH Secure Shell
Slack 8.0 - SSH-2.0-3.x SSH Secure Shell
SuSE-7.3 - SSH-2.0-3.x SSH Secure Shell
FreeBSD 4.3 - SSH-2.0-3.x SSH Secure Shell
FreeBSD 4.3 - SSH-2.0-2.x SSH Secure Shell

It tries to connect to port 22 when I target localhost, but I can't tell if 
sshd is crashing or not as I can't use gdb to attach to the process in time. 
 The only SSH vulnerabilities I could find affected SSH1 servers, or 
OpenSSH.  Has anyone else found this exploit on their systems or know 
something about it?

_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com