Security Incidents mailing list archives
Re: Attacks against SSH?
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 4 Dec 2001 17:16:22 -0500 (EST)
On Tue, 4 Dec 2001, Jason Baker wrote:
> I took a quick look around and didn't see the exploit code, is there anyone who can confirm if debian with ssh 1:1.2.3-9.2 is vulnerable? (Or point me at the exploit and I'll test myself)

You can test for the vulnerability in a rather trivial way, as described in our original advisory. You need to use an OpenSSH client that does not truncate usernames, and then try the following:

    ssh -l`perl -e '{print "A"x90000}'` someserver -v

If the connection is dropped with no error message (and the daemon dies with signal 11) after establishing a connection and exchanging keys but before the password prompt, you are vulnerable. If it gives you a password prompt, you are not vulnerable.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=>
Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com