Full Disclosure mailing list archives

Re: lsh patch (was Re: new ssh exploit?)


From: Carl Livitt <carl () learningshophull co uk>
Date: Fri, 19 Sep 2003 16:54:16 +0000

> I'm *not* going to bet that it isn't exploitable. I'll try to get new
> releases out within a few days, until then, I recommend that you apply
> the above patch to lshd and recompile, or disable lshd service.

I would recommend that too. Attached is a revised version of the exploit I
posted earlier with a couple more targets.... it also works against lsh
running 'daemonic', i.e. started as a daemon, and not just against lshd running
in the foreground.

The only caveat is that the exploit must be the first thing to connect to lshd,
otherwise the exploit becomes a DoS.

More advanced exploits that work _every_ time should be expected.

Carl.

Attachment: lsh_exploit.c