Vulnerability Development mailing list archives
Re: SSH2 Exploit?
From: Steve Wright <stevew () cwazy co uk>
Date: Thu, 7 Mar 2002 15:08:58 +0000
Just wondering if anyone knows more about this; http://www.pine.nl/advisories/pine-cert-20020301.txt ( OpenSSH versions 2.0 - 3.0.2, Existing users will gain root privileges )
On Tue, 26 Feb 2002, John Compton wrote:Hi, I recently had a break-in on a redhat linux system. The attacker installed what appears to be torn kit, but there was one thing which caught my attention. I found a binary named "sshex" on the compromised system. I guess this is the exploit used to break in cause most of the servers here are kept up-to-date. The system was being used to actively scan for ssh servers. [root@testbox ]# ./sshex 7350ylonen - x86 ssh2 <= 3.1.0 exploit dream team teso usage: 7350ylonen [-hd] <-p port> <-t target> <-d packet_delay> host RH 7.x - SSH-2.0-3.x SSH Secure Shell RH 7.x - SSH-2.0-2.x SSH Secure Shell RH 6.x - SSH-2.0-2.x SSH Secure Shell Slack 8.0 - SSH-2.0-3.x SSH Secure Shell SuSE-7.3 - SSH-2.0-3.x SSH Secure Shell FreeBSD 4.3 - SSH-2.0-3.x SSH Secure Shell FreeBSD 4.3 - SSH-2.0-2.x SSH Secure Shell It tries to connect to port 22 when I target localhost, but I can't tell if sshd is crashing or not as I can't use gdb to attach to the process in time. The only SSH vulnerabilities I could find affected SSH1 servers, or OpenSSH. Has anyone else found this exploit on their systems or know something about it? _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com
Current thread:
- Re: SSH2 Exploit? Ron DuFresne (Mar 04)
- Re: SSH2 Exploit? Jon Zobrist (Mar 05)
- Re: SSH2 Exploit? H D Moore (Mar 07)
- Re: SSH2 Exploit? Ron DuFresne (Mar 07)
- <Possible follow-ups>
- Re: SSH2 Exploit? Ron DuFresne (Mar 07)
- Re: SSH2 Exploit? H D Moore (Mar 07)
- Re: SSH2 Exploit? H D Moore (Mar 08)
- Re: SSH2 Exploit? Ron DuFresne (Mar 07)
- Re: SSH2 Exploit? Teodor Cimpoesu (Mar 07)
- Re: SSH2 Exploit? Dan Hanson (Mar 08)
- Re: SSH2 Exploit? Steve Wright (Mar 08)