On a system I administer I found a program named sshdwarez.c in one of my user's home directories. Upon further inspection I found that this was the source code of an x86/Linux remote buffer overflow exploit for sshd versions 1.2.26 and below. I have tested this exploit on a number of my systems and have obtained remote root access on each one. I will not post this exploit as it could give crackers a tool to gain unauthorized access to systems. I STRONGLY recommend that everyone upgrade their versions of sshd as soon as possible. Thanks! Justin
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:51 PDT