Vulnerability Development mailing list archives
Re: SSH2 Exploit?
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 26 Feb 2002 05:53:22 -0600 (CST)
Where;s the copy of the binary here? If others are to help in defining what you thoink you found, do you not think it proper to put the file up for review and auditing/debugging? Thanks, Ron DuFresne On Tue, 26 Feb 2002, John Compton wrote:
Hi, I recently had a break-in on a redhat linux system. The attacker installed what appears to be torn kit, but there was one thing which caught my attention. I found a binary named "sshex" on the compromised system. I guess this is the exploit used to break in cause most of the servers here are kept up-to-date. The system was being used to actively scan for ssh servers. [root@testbox ]# ./sshex 7350ylonen - x86 ssh2 <= 3.1.0 exploit dream team teso usage: 7350ylonen [-hd] <-p port> <-t target> <-d packet_delay> host RH 7.x - SSH-2.0-3.x SSH Secure Shell RH 7.x - SSH-2.0-2.x SSH Secure Shell RH 6.x - SSH-2.0-2.x SSH Secure Shell Slack 8.0 - SSH-2.0-3.x SSH Secure Shell SuSE-7.3 - SSH-2.0-3.x SSH Secure Shell FreeBSD 4.3 - SSH-2.0-3.x SSH Secure Shell FreeBSD 4.3 - SSH-2.0-2.x SSH Secure Shell It tries to connect to port 22 when I target localhost, but I can't tell if sshd is crashing or not as I can't use gdb to attach to the process in time. The only SSH vulnerabilities I could find affected SSH1 servers, or OpenSSH. Has anyone else found this exploit on their systems or know something about it? _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Current thread:
- SSH2 Exploit? John Compton (Feb 26)
- Re: SSH2 Exploit? Teodor Cimpoesu (Feb 27)
- Re: SSH2 Exploit? Sten (Feb 27)
- Re: SSH2 Exploit? Ron DuFresne (Feb 27)