Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] new SSH xploit
  • From: Stefan Suurmeijer <stefan@xxxxxxxxxxxx>
  • Date: Fri, 01 Mar 2002 15:00:08 +0100
  • Message-id: <3C7F8968.3080706@xxxxxxxxxxxx>
The ssh site (www.ssh.com) states that the attacks that everyone is referring to were all on machines still running SSH1 compatibility (not too smart that), and that versions not running ssh1 compatibility should not be vulnerable. As I haven't had a chance to look at the exploit yet, I don't know if that info is current. Can anyone confirm that the new exploit is for ssh1 only?

Stefan


Michael Appeldorn wrote:

Hi list

According to some entrys in BugTraq and statements here,
there is an sshex binary out the, to attack sshd up 3.x.

Where to get attackers weapon - to play with it and unter-
stand their game.

Michael Appeldorn







< Previous Next >
Follow Ups
References