more on the remote ssh exploit (fwd)
E Frank Ball
frankb at efball.com
Tue Dec 4 16:30:08 PST 2001
On Fri, Nov 30, 2001 at 10:33:54AM -0800, ME wrote:
} A little research gave me:
}
} <http://www.openssh.org/security.html>
} * OpenSSH 2.3.0 and newer are not vulnerable to the "Feb 8, 2001:
} SSH-1 Daemon CRC32 Compensation Attack Detector Vulnerability", RAZOR
} Bindview Advisory CAN-2001-0144. A buffer overflow in the CRC32
} compensation attack detector can lead to remote root access. This
} problem has been fixed in OpenSSH 2.3.0. However, versions prior to
} 2.3.0 are vulnerable.
} </openssh.org>
}
} <http://razor.bindview.com/publish/advisories/adv_ssh1crc.html>
} Issue Date: February 8, 2001
} Remotely exploitable vulnerability condition exists in most ssh daemon
} installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH).
} Vulnerable:
} OpenSSH prior to 2.3.0 (unless SSH protocol 1 support is disabled)
} Not vulnerable:
} OpenSSH 2.3.0 (problem fixed)
ssh1 version ssh-1.2.32 also has the fix.
--
E Frank Ball efball at efball.com
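The version conditions quoted in this thread, applied to SSH identification banners collected during an inventory. This is an added example, not part of the original message or of any project's code. The banner strings are constructed samples, and the assumption that ssh1 announces itself with a bare version such as "1.2.32" in the software field is labelled in the code. Cases the thread does not cover are reported as "unknown".

```python
import re

# Identification string: SSH-<protoversion>-<softwareversion>[ comments]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def version_tuple(text):
    """'2.2.0p1' -> (2, 2, 0); stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def classify(banner):
    """Map a banner to the status the thread gives for CAN-2001-0144."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unparsed"
    proto, software = m.groups()
    # Protocol "1.x" includes "1.99", which a server sends when it speaks
    # protocol 2 but still accepts protocol 1 clients.
    if not proto.startswith("1."):
        return "protocol-1-disabled"
    if software.startswith("OpenSSH_"):
        v = version_tuple(software[len("OpenSSH_"):])
        if not v:
            return "unknown"
        # Thread: OpenSSH prior to 2.3.0 is vulnerable, 2.3.0 and newer is fixed.
        return "fixed" if v >= (2, 3) else "vulnerable"
    # Assumption: ssh1 puts a bare version ("1.2.32") in the software field.
    if re.fullmatch(r"1\.2\.\d+\S*", software):
        # Thread: ssh-1.2.32 has the fix; it gives no range for older ssh1.
        return "fixed" if version_tuple(software) >= (1, 2, 32) else "unknown"
    return "unknown"

# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "SSH-1.99-OpenSSH_2.2.0p1",
    "SSH-1.99-OpenSSH_2.3.0",
    "SSH-2.0-OpenSSH_2.2.0",
    "SSH-1.5-1.2.32",
    "SSH-1.5-1.2.27",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line:28} {classify(line)}")
```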