1 Mar
2002
1 Mar
'02
14:00
The ssh site (www.ssh.com) states that the attacks that everyone is referring to were all on machines still running SSH1 compatibility (not too smart that), and that versions not running ssh1 compatibility should not be vulnerable. As I haven't had a chance to look at the exploit yet, I don't know if that info is current. Can anyone confirm that the new exploit is for ssh1 only? Stefan Michael Appeldorn wrote:
Hi list
According to some entrys in BugTraq and statements here, there is an sshex binary out the, to attack sshd up 3.x.
Where to get attackers weapon - to play with it and unter- stand their game.
Michael Appeldorn