Re: SSH2 Exploit?

From: Steve Wright (stevewat_private)
Date: Thu Mar 07 2002 - 07:08:58 PST

    Just wondering if anyone knows more about this;
    http://www.pine.nl/advisories/pine-cert-20020301.txt
    
    ( OpenSSH versions 2.0 - 3.0.2, Existing users will gain root privileges )
    
    
    > On Tue, 26 Feb 2002, John Compton wrote:
    > > Hi,
    > >
    > > I recently had a break-in on a Red Hat Linux system.  The attacker
    > > installed what appears to be torn kit, but there was one thing which
    > > caught my attention. I found a binary named "sshex" on the compromised
    > > system.  I guess this is the exploit used to break in cause most of the
    > > servers here are kept up-to-date.  The system was being used to actively
    > > scan for ssh servers.
    > >
    > > [root@testbox ]# ./sshex
    > >
    > > 7350ylonen - x86 ssh2 <= 3.1.0 exploit
    > > dream team teso
    > > usage: 7350ylonen [-hd] <-p port> <-t target> <-d packet_delay> host
    > >
    > > RH 7.x - SSH-2.0-3.x SSH Secure Shell
    > > RH 7.x - SSH-2.0-2.x SSH Secure Shell
    > > RH 6.x - SSH-2.0-2.x SSH Secure Shell
    > > Slack 8.0 - SSH-2.0-3.x SSH Secure Shell
    > > SuSE-7.3 - SSH-2.0-3.x SSH Secure Shell
    > > FreeBSD 4.3 - SSH-2.0-3.x SSH Secure Shell
    > > FreeBSD 4.3 - SSH-2.0-2.x SSH Secure Shell
    > >
    > > It tries to connect to port 22 when I target localhost, but I can't tell
    > > if sshd is crashing or not as I can't use gdb to attach to the process in
    > > time. The only SSH vulnerabilities I could find affected SSH1 servers, or
    > > OpenSSH.  Has anyone else found this exploit on their systems or know
    > > something about it?
    



    This archive was generated by hypermail 2b30 : Fri Mar 08 2002 - 01:32:05 PST