Re: Attacks against SSH?

From: Florian Weimer (Florian.Weimerat_private-Stuttgart.DE)
Date: Tue Dec 04 2001 - 07:09:57 PST

Next message: Jordan K Wiens: "Re: Attacks against SSH?"

Previous message: j.e.r.k. ROCKS: "Re: solaris nscd cores"
In reply to: f.johan.beisser: "Re: Attacks against SSH?"
Next in thread: Armando B. Ortiz: "Re: Attacks against SSH?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"f.johan.beisser" <janat_private> writes:

> the exploit is (supposedly) encrypted, stripped, and for x86 linux. the
> binary has an md5 checksum of 1309689a9af6b82e11e8dfa5c6282c30. it's
> ruffly 1.4 megs in size. i've only seen it as "x2".

We've seen a "targets" file accompanying the "x2" file.  It lists some
offsets, but only for SSH versions which are known to have the CRC32
bug.

-- 
Florian Weimer 	                  Florian.Weimerat_private-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jordan K Wiens: "Re: Attacks against SSH?"
Previous message: j.e.r.k. ROCKS: "Re: solaris nscd cores"
In reply to: f.johan.beisser: "Re: Attacks against SSH?"
Next in thread: Armando B. Ortiz: "Re: Attacks against SSH?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 11:15:27 PST