Vulnerability Development mailing list archives
Re: SSH2 Exploit?
From: H D Moore <sflist () digitaloffense net>
Date: Thu, 7 Mar 2002 07:56:15 -0600
This is a ssh1 crc32 auto-rooter, courtesy of incident response: http://www.digitaloffense.net/autossh.tgz You have 24 hours to grab a copy before I remove it. I have not checked the contained binaries for trojans or virii yet, so please dont run them unless you verify them yourself. An auto-rooter would not be created if the exploit it used (x2) doesn't work... On Wednesday 27 February 2002 08:10 pm, Ron DuFresne wrote:
There's nothing here that actually suggests the systems were compromised via sshd, neither sshd1 nor sshd2. Nor is there an actual accounting of what other services were open for possible exploit on the systems in question. Nothing about the kernels chosen and possible problems there, nor if the systems were acutally remotely exploited of if <as is much more possible> that an internal user on the systems actually rooted the systems. I have seen code to scan for sshd1, seen the traces in my logs, and there have been hints of possible sshd1 exploit code ciculating for awhile now, with no real evicdence presented there is such an exploit in use that works remotely. Those exploits of sshd1 that have been suggested are far above the needs and skills of simple skript-kiddies though. SSHD2 that I've seen vulnerabilites mentioned for though are those that include sshd1 support, so, if there is real evidence of an sshd2 remote exploit or even a remote sshd1 exploit in acutal use, then, I'd certainly like to see the code or binaries in question. Otherwie, we only have rumrrs of such and most likely have systems hacked via other vectors that are used to scan for possibly exploitable sshd's, and these scans are possibly placed for scare tactics or diversion from the real purpose of the rooting that has taken place. Thanks, Ron DuFresne
Current thread:
- Re: SSH2 Exploit? Ron DuFresne (Mar 04)
- Re: SSH2 Exploit? Jon Zobrist (Mar 05)
- Re: SSH2 Exploit? H D Moore (Mar 07)
- Re: SSH2 Exploit? Ron DuFresne (Mar 07)
- <Possible follow-ups>
- Re: SSH2 Exploit? Ron DuFresne (Mar 07)
- Re: SSH2 Exploit? H D Moore (Mar 07)
- Re: SSH2 Exploit? H D Moore (Mar 08)
- Re: SSH2 Exploit? Ron DuFresne (Mar 07)
- Re: SSH2 Exploit? Teodor Cimpoesu (Mar 07)
- Re: SSH2 Exploit? Dan Hanson (Mar 08)
- Re: SSH2 Exploit? Steve Wright (Mar 08)