On Tue, 26 Feb 2002, John Compton wrote: > [root@testbox ]# ./sshex > > 7350ylonen - x86 ssh2 <= 3.1.0 exploit > dream team teso > usage: 7350ylonen [-hd] <-p port> <-t target> <-d packet_delay> host > > It tries to connect to port 22 when I target localhost, but I can't tell if > sshd is crashing or not as I can't use gdb to attach to the process in time. > The only SSH vulnerabilities I could find affected SSH1 servers, or > OpenSSH. Has anyone else found this exploit on their systems or know > something about it? I can confirm that this is circulating, it seems to only affect the commercial SSH.com code, which limits the impact somewhat, because most opensource os's use openssh instead. -- Sten Spans "What does one do with ones money, when there is no more empty rackspace ?"
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 17:32:23 PST