Security Incidents mailing list archives

Re: SSH attacks?

From: Juri Haberland <juri () koschikode com>
Date: Sat, 31 Jul 2004 14:24:06 +0200

Alexander Klimov wrote:

[...] All have ssh:
SSH-1.99-OpenSSH_3.8.1p1, SSH-2.0-OpenSSH_3.1p1 x3,
SSH-1.99-OpenSSH_3.5p1. Those pre 3.7.1 can be obviously rooted thru
CA-2003-24, but AFAIK there are no exploits for 3.8.1p1 (BTW: OpenSSH
3.8.1p1 was released on Apr 19, 2004). Telnet on some of them shows
that they have RHLinux 7.3 and 9. [...]

[...] The second version
that it is just a test for simple l/p is more likely because people
who still use 3.1 and 3.5 are likely to have guest/guest, and they are
most probably never notice/report the compromise (don't sure what
about the box with 3.8.1)


Remember that most Linux distributions backport fixes to their current
SSH version - therefore you will still see an old version string though
the version is not vulnerable.

Cheers,
Juri

Current thread:

Re: SSH attacks? alann lopes (Aug 01)
- <Possible follow-ups>
- Re: SSH attacks? Jyri Hovila (Aug 01)
- Re: SSH attacks? George Georgalis (Aug 01)
- Re: SSH attacks? Juri Haberland (Aug 01)