SSHD Exploit

From: Justin Foutts (jfouttsat_private)
Date: Sun Nov 01 1998 - 14:05:07 PST

Next message: X-Force: "ISS Security Advisory: Hidden SNMP community in HP OpenView"

Previous message: Salvatore Sanfilippo: "Sendmail/Qmail DoS"
Next in thread: Aleph One: "Re: SSHD Exploit"
Reply: Aleph One: "Re: SSHD Exploit"
Reply: Crispin Cowan: "Re: SSHD Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On a system I administer I found a program named sshdwarez.c in one of my
user's home directories.  Upon further inspection I found that this was
the source code of an x86/Linux remote buffer overflow exploit for sshd
versions 1.2.26 and below.  I have tested this exploit on a number of my
systems and have obtained remote root access on each one.  I will not post
this exploit as it could give crackers a tool to gain unauthorized access
to systems.  I STRONGLY recommend that everyone upgrade their versions of
sshd as soon as possible.

Thanks!
Justin

Next message: X-Force: "ISS Security Advisory: Hidden SNMP community in HP OpenView"
Previous message: Salvatore Sanfilippo: "Sendmail/Qmail DoS"
Next in thread: Aleph One: "Re: SSHD Exploit"
Reply: Aleph One: "Re: SSHD Exploit"
Reply: Crispin Cowan: "Re: SSHD Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:51 PDT