[NBLUG/talk] openssh exploit?
Mitch Patenaude
mrp at sonic.net
Tue Sep 16 10:42:09 PDT 2003
On Tuesday, Sep 16, 2003, at 10:31 US/Pacific, Daniel Smith wrote:
>> >>a) how serious is the openssh
>> >>problem, and b) the idea of switching to lsh?
>>
>
> Before someone goes into "duh, a root login is
> serious" mode, let me rephrase that :-)
>
> "is it a wide open, easy to exploit hole, or is
> it something more theoretical?"
According to the buzz (Slashdot and the full disclosure list), there is
an active exploit in the wild -- a worm. Several ISPs have starting
blocking port 22 both because of root exploits on their servers, and
because the worm actively makes MANY connection requests looking for
the right offset, creating a DOS.
I've shut off forwarding to port 22 on my firewall for now.
Apparently, OpenSSH 3.7 fixes this bug (buffer overflow in buffer.c,
the exploit is apparently from reverse engineering the fix.) But I
can't find 3.7 on any of the mirrors, and the main site is overwhelmed
(unsurprisingly.)
-- Mitch
More information about the talk
mailing list