Security Incidents mailing list archives
Re: Attacks against SSH?
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Thu, 6 Dec 2001 09:22:35 +1300 (NZDT)
On Wed, 5 Dec 2001 07:11:57 +0100 Przemyslaw Frasunek <venglin () freebsd lublin pl> wrote:
On Wednesday 05 December 2001 03:51, Russell Fulton wrote:package with SSH-1.5-OpenSSH-1.2.3 in not vulnerable: bluebottle:~ >ssh -l`perl -e '{print "A"x90000}'` 130.216.yyy.xxx Word too long.No, it doesn't mean you're not vulnerable. Some shells (csh, tcsh) limits argument length and prints 'Word too long'.
Oops! Thanks of pointing that out! hmmm... how about: bluebottle:~ >sh $ ssh -l`perl -e '{print "A"x90000}'`130.216.1.228 Usage: ssh [options] host [command] Options: -l user Log in using this user name. -n Redirect input from /dev/null. -A Enable authentication agent forwarding. -a Disable authentication agent forwarding. Now we now get a usage error from the local ssh client. Which ssh client were you using Michal? Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: SSH1 CRC32 Compensation Attacks, (continued)
- Re: SSH1 CRC32 Compensation Attacks Andreas Östling (Dec 10)
- Re: SSH1 CRC32 Compensation Attacks Armando Ortiz (Dec 10)
- Re: Attacks against SSH? Florian Weimer (Dec 04)
- Re: Attacks against SSH? Armando B. Ortiz (Dec 03)
- Re: Attacks against SSH? Steven S (Dec 03)
- Re: Attacks against SSH? Adam Manock (Dec 04)
- Re: Attacks against SSH? Andreas Wiesmann (Dec 03)
- Re: Attacks against SSH? Cy Schubert - ITSD Open Systems Group (Dec 03)
- Message not available
- Message not available
- Message not available
- Re: Attacks against SSH? johan . augustsson (Dec 06)
- Message not available
- RE: Attacks against SSH? CHURCH,GENO (Non-HP-USA,ex1) (Dec 04)
- Re: Attacks against SSH? Russell Fulton (Dec 05)
- Re: Attacks against SSH? David Chin (Dec 05)
- Re: Attacks against SSH? Skip Carter (Dec 05)
- Re: Attacks against SSH? Skip Carter (Dec 06)