Educause Security Discussion mailing list archives
Correction: 0day exploit for OpenSSH is a trojan
From: Doug Pearson <dodpears () INDIANA EDU>
Date: Fri, 19 Sep 2003 16:26:18 -0500
The NetFlow data seen was from commercial Internet traffic at a GigaPoP, not Abilene NetFlow. -dp
Based on reports received by the REN-ISAC:

The 0day exploit, purported to be an exploit of the OpenSSH vulnerability (CA-2003-24)[1], rather than compromising a remote OpenSSH system, actually is a trojan that compromises the system running the code. The trojan gathers data from the local system including password, shadow password, known hosts, and network configuration files, and e-mails the data to a remote system.

Abilene NetFlow data shows a small amount of activity related to this trojan.

0day requires root authority, therefore, properly managed central servers should not be at risk.

More details will be sent as they become available.

[1] CERT Advisory CA-2003-24 Buffer Management Vulnerability in OpenSSH
http://www.cert.org/advisories/CA-2003-24.html

Regards,

Doug Pearson
REN-ISAC Director
ren-isac () iu edu
http://www.ren-isac.net