Penetration Testing mailing list archives

Re: OpenSSH 3.5p1


From: H D Moore <sflist () digitaloffense net>
Date: Thu, 12 Jan 2006 15:37:20 -0600

Most systems running that version of OpenSSH are still using an 
exploitable version of the 'zlib' library. Technically, you can trigger 
the zlib bug prior to authentication (protocol 2, MSG_IGNORE requests), 
but getting a shell out of it seems difficult. 

-HD

On Wednesday 11 January 2006 16:50, Farz Hem wrote:
Is there any problem with 3.5p1 that can actually be exploited? I want
to but all the supposed exploits with this version that I can find are
"rumored," so my boss doesn't want me to touch the servers unless
there actually is a possibility of security breaching. If there is
one, please send maybe a proof of concept or an explanation.
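
An added example, not part of either message in this thread: in protocol 2, compression negotiated as plain `zlib` starts right after key exchange, before authentication, so a defender can read the server's KEXINIT to see whether that path is exposed. The function names and the sample packets are constructed for illustration; `zlib@openssh.com` is the delayed (post-authentication) compression name used by later OpenSSH releases.

```python
import struct

SSH_MSG_KEXINIT = 20
# Name-list order in KEXINIT (RFC 4253, section 7.1)
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(packet: bytes) -> dict:
    """Parse one unencrypted SSH binary packet carrying SSH_MSG_KEXINIT."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    pkt_len, pad_len = struct.unpack(">IB", packet[:5])
    if pkt_len + 4 > len(packet) or pad_len + 1 > pkt_len:
        raise ValueError("bad packet or padding length")
    payload = packet[5:4 + pkt_len - pad_len]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, lists = 17, {}          # skip message type + 16-byte cookie
    for name in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list")
        (n,) = struct.unpack(">I", payload[off:off + 4])
        off += 4
        if off + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[off:off + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        off += n
    return lists

def preauth_zlib_offered(lists: dict) -> bool:
    """True if plain 'zlib' is accepted from the client (inflate runs pre-auth)."""
    return "zlib" in lists["comp_c2s"]

def build_sample(comp: str) -> bytes:
    """Constructed KEXINIT packet for the demo; not captured from a real host."""
    names = ["diffie-hellman-group1-sha1", "ssh-rsa", "aes128-cbc", "aes128-cbc",
             "hmac-sha1", "hmac-sha1", comp, comp, "", ""]
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    body += b"".join(struct.pack(">I", len(n)) + n.encode() for n in names)
    body += b"\x00" + struct.pack(">I", 0)   # first_kex_packet_follows, reserved
    pad = 8 - (len(body) + 5) % 8
    pad += 8 if pad < 4 else 0               # RFC 4253 requires >= 4 padding bytes
    return struct.pack(">IB", len(body) + pad + 1, pad) + body + bytes(pad)
```

A server that lists only `none` or `zlib@openssh.com` for client-to-server compression does not run inflate on unauthenticated input.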
