Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] ssh reminder
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Sun, 13 Jan 2002 22:55:36 -0700
  • Message-id: <002301c19cc0$16b81060$6400030a@xxxxxxxxxxxx>
The exploit code works great, and still has a ton of victims to hit =). I've
been scanned a whack of times already on my cablemodem, dsl and cohosted
machines (i.e. it's pretty active).


Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/


----- Original Message -----
From: "Thomas Lamy" <Thomas.Lamy@xxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Sunday, January 13, 2002 10:51 PM
Subject: [suse-security] ssh reminder


> Hi all,
>
> just to remind some of the lazy ones out there: the ssh crc32 compensation
> attack is (again) actively being exploitet. From one attack I have
actively
> monitored, there were about 10 machines compromized in one night, after
> being scanned some days before. I phoned some of the admins, and most of
> them knowed that the problem exists (most of them were running SuSE 7.0),
> but were too lazy to fix it.
>
> See:
> http://www.suse.de/de/support/security/2001_045_openssh_txt.txt
> http://www.suse.de/de/support/security/2001_044_openssh_txt.txt
> http://www.suse.de/de/support/security/adv004_ssh.txt
> http://www.suse.de/de/support/security/2000_047_openssh_txt.txt
> http://defaced.alldas.de/mirror/2002/01/10/accounting.nordwest.net/
> http://defaced.alldas.de/mirror/2002/01/10/custmx.ingolstadt-online.net/
> http://defaced.alldas.de/mirror/2001/12/30/spider.tmag.de/
>
> Cu,
> Thomas
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >
Follow Ups
References