Penetration Testing mailing list archives
Re: SSH 4.3 dos question
From: M.B.Jr. <marcio.barbado () gmail com>
Date: Sat, 24 Feb 2007 14:36:36 -0300
Most of those published vulnerabilities are context-specific. Simulate it first (Xen, VMware, whatever) changing its variables. My guessing is that you need to perform the attack when an ssh channel is already established. Have you tried this? Regards, On 2/22/07, Francois Yang <francois.y () gmail com> wrote:
I'm evaluating a friends server and I noticed that he had a vulnerable version of SSH. Nmap result; 22/tcp open ssh OpenSSH 4.3 (protocol 1.99) According to security focus it is vulnerable to a DOS attack. http://www.securityfocus.com/bid/20216/info cve - CVE-2006-4924 When I run the script from millw0rm which is suppose to cause the DOS nothing happens. The scripts runs fine saying that it worked, but the server doesn't seem to be affected. http://milw0rm.com/exploits/2444 Any ideas? thanks. -- If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. Bruce Schneier ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
-- Marcio Barbado, Jr. ============== ============== ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- SSH 4.3 dos question Francois Yang (Feb 23)
- Re: SSH 4.3 dos question M . B . Jr . (Feb 25)
- <Possible follow-ups>
- Re: SSH 4.3 dos question earle . david (Feb 25)