On Tue, 4 Dec 2001, Jason Baker wrote:

> I took a quick look around and didn't see the exploit code, is there
> anyone who can confirm if debian with ssh 1:1.2.3-9.2 is vulnerable?
> (Or point me at the exploit and I'll test myself)

You can test for the vulnerability in a rather trivial way, as described in
our original advisory. You need to use an OpenSSH client that does not
truncate usernames, and then try the following:

  ssh -l`perl -e '{print "A"x90000}'` someserver -v

If the connection is dropped with no error message (and the daemon dies
with signal 11) after establishing a connection and exchanging keys but
before the password prompt, you are vulnerable. If it gives you a password
prompt, you are not vulnerable.

-- 
_____________________________________________________
Michal Zalewski [lcamtufat_private] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/