SecurityFocus hinted that they where looking for information concerning the SSH CRC-32 Compensation Attack Detector Vulnerability released on feb 8, earlier this year. They then updated their database for the following entry. >snip from securityfocus> Successful exploitation of this vulnerability is extremely dependent on attacker knowledge of the target process memory layout. This makes 'one-shot' exploitation difficult. With repeated attempts and the widespread use of binary ssh packages, exploitation of this vulnerability 'in the wild' is not inconcievable. There have been reports suggesting that this may be occuring. Since early september, independent, reliable sources have confirmed that this vulnerability is being exploited by attackers on the Internet. Security Focus does not currently have the exploit code being used, however this record will be updated if and when it becomes available. NOTE: Cisco 11000 Content Service Switch family is vulnerable to this issue. All WebNS releases prior, but excluding, versions: 4.01 B42s, 4.10 22s, 5.0 B11s, 5.01 B6s, are vulnerable. >unsnip> bugtraq id 2347 object ssh, sshd class Boundary Condition Error cve CAN-2001-0144 remote Yes local No published Feb 08, 2001 updated Oct 19, 2001 Hope this helps. Simply, Daniel Uriah Clemens - dclemensat_private "The right to freedom being the gift of God Almighty, it is not in the power of man to alienate this gift and voluntarily become a slave." --Samuel Adams On Sun, 21 Oct 2001, Jay D. Dyson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Hi folks, > > No great shakes here, but I'm curious to know if anyone else is > seeing concerted SSHd scans coming from RIPE netblocks lately. I've noted > a few here and, while I considered them oddities at first, I'm starting to > wonder if someone (or something) across the Atlantic doesn't have the > much-ballyhoo'd "0day for sale." > > I'm not bored enough to see what they're really up to (yet), so I > figured I'd just toss this out for general consideration. > > Oh yeah, the latest scan came from 193.206.153.7. > > - -Jay > > ( ( _______ > )) )) .-"There's always time for a good cup of coffee."-. >====<--. > C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) | = |-' > `--' `--' `- Peace without justice is life without living. -' `------' > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: See http://www.treachery.net/~jdyson/ for current keys. > > iQCVAwUBO9Jz97lDRyqRQ2a9AQHKbwP9EJcPFxXXWuPtOYRVYZmsIEPiomtwXDfu > xKTD01KsWH/dXGxs/h4kKd/QRzPGHnHreri59Sd9UBua+EV0VjzCzcR44Ne9k5ns > 3FnP3TYrS1nVJ4q5cm4cawWNXRx3zo0loCbiYRT6Mbsp99y/Rju6Dy2OzA3VaYkH > kKz41A1aFKc= > =kGQe > -----END PGP SIGNATURE----- > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 22 2001 - 09:55:50 PDT