Vulnerability Development mailing list archives
Re: SSH2 Exploit?
From: Sten <sten () blinkenlights nl>
Date: Wed, 27 Feb 2002 22:04:26 +0100 (CET)
On Tue, 26 Feb 2002, John Compton wrote:
[root@testbox ]# ./sshex 7350ylonen - x86 ssh2 <= 3.1.0 exploit dream team teso usage: 7350ylonen [-hd] <-p port> <-t target> <-d packet_delay> host It tries to connect to port 22 when I target localhost, but I can't tell if sshd is crashing or not as I can't use gdb to attach to the process in time. The only SSH vulnerabilities I could find affected SSH1 servers, or OpenSSH. Has anyone else found this exploit on their systems or know something about it?
I can confirm that this is circulating, it seems to only affect the commercial SSH.com code, which limits the impact somewhat, because most opensource os's use openssh instead. -- Sten Spans "What does one do with ones money, when there is no more empty rackspace ?"
Current thread:
- SSH2 Exploit? John Compton (Feb 26)
- Re: SSH2 Exploit? Teodor Cimpoesu (Feb 27)
- Re: SSH2 Exploit? Sten (Feb 27)
- Re: SSH2 Exploit? Ron DuFresne (Feb 27)