Security Incidents mailing list archives
Re: SSH attacks?
From: Juri Haberland <juri () koschikode com>
Date: Sat, 31 Jul 2004 14:24:06 +0200
Alexander Klimov wrote:
[...] All have ssh: SSH-1.99-OpenSSH_3.8.1p1, SSH-2.0-OpenSSH_3.1p1 x3, SSH-1.99-OpenSSH_3.5p1. Those pre 3.7.1 can be obviously rooted thru CA-2003-24, but AFAIK there are no exploits for 3.8.1p1 (BTW: OpenSSH 3.8.1p1 was released on Apr 19, 2004). Telnet on some of them shows that they have RHLinux 7.3 and 9. [...]
[...] The second version that it is just a test for simple l/p is more likely because people who still use 3.1 and 3.5 are likely to have guest/guest, and they are most probably never notice/report the compromise (don't sure what about the box with 3.8.1)
Remember that most Linux distributions backport fixes to their current SSH version - therefore you will still see an old version string though the version is not vulnerable. Cheers, Juri
Current thread:
- Re: SSH attacks? alann lopes (Aug 01)
- <Possible follow-ups>
- Re: SSH attacks? Jyri Hovila (Aug 01)
- Re: SSH attacks? George Georgalis (Aug 01)
- Re: SSH attacks? Juri Haberland (Aug 01)