Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSH 4.3 dos question

From: earle.david () gmail com
Date: 25 Feb 2007 02:45:54 -0000
The obvious two considerations are:

1. Is OpenSSH configured to accept SSH version one traffic? I'm not up on SSH, but you might be able to test this with 
a connection attempt for an older version.

2. What hardware is the system running? Even if the system is vulnerable, the vulnerability description only says that 
a DOS is possible. A high-end CPU or processing limits placed on the service could cause you some problems.

Beyond that, you may want to vet the exploit code to ensure that it's doing what it says its doing. From glancing at it 
it looks fine, but you do see a lot of vulnerabilities that are subtly edited to simply not work, at least if you don't 
tweak them appropriately.

Good luck with your testing!

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: