Hi Roman, My congratulations to SuSE for jumping on the problem last February, and thanks for your further explanation. As for that list of ssh versions, I think that was taken from one of the attack scripts. The attackers are logging onto port 22 to see if the host is vulnerable, matching the given banner string with this list. Regards, Lew Wolfgang On Wed, 21 Nov 2001, Roman Drahtmueller wrote:
I guess that this is not really all of the truth.
There are two bugs:
1) the crc-32 compensation attack 2) the attack against the faulty fix for the crc-32 compensation attack
Exploitation against 1) is non-trivial, is a man-in-the-middle-attack and will not necessarily result in a full remote compromise.
Exploitation against 2) is non-trivial as well, but it is an attack that anyone can launch, without being in the middle of an already existing connection. We know that this bug is being actively exploited on the internet.
The fix against bug 2):
http://www.suse.de/de/support/security/adv004_ssh.txt available since Feb 16 2001.
Now, Lew, could you please explain me what this list below is supposed to do?