more on the remote ssh exploit (fwd)

E Frank Ball frankb at efball.com
Tue Dec 4 16:30:08 PST 2001


On Fri, Nov 30, 2001 at 10:33:54AM -0800, ME wrote:
} A little research gave me:
} 
} <http://www.openssh.org/security.html>
} * OpenSSH 2.3.0 and newer are not vulnerable to the "Feb 8, 2001: 
} SSH-1 Daemon CRC32 Compensation Attack Detector Vulnerability", RAZOR 
} Bindview Advisory CAN-2001-0144. A buffer overflow in the CRC32 
} compensation attack detector can lead to remote root access. This 
} problem has been fixed in OpenSSH 2.3.0. However, versions prior to 
} 2.3.0 are vulnerable.
} </openssh.org>
} 
} <http://razor.bindview.com/publish/advisories/adv_ssh1crc.html>
} Issue Date: February 8, 2001
} Remotely exploitable vulnerability condition exists in most ssh daemon
}   installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH).
} Vulnerable:
}  OpenSSH prior to 2.3.0 (unless SSH protocol 1 support is disabled)
} Not vulnerable:
}  OpenSSH 2.3.0 (problem fixed)

ssh1 version ssh-1.2.32 also has the fix.

-- 

   E Frank Ball                efball at efball.com
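
Added example, not part of the original message: a banner triage that applies the version thresholds quoted in this thread (OpenSSH 2.3.0, ssh-1.2.32, and the "unless SSH protocol 1 support is disabled" condition) to SSH identification strings collected from your own hosts. Assumptions: banners follow the usual `SSH-<protocol>-<software>` form, the function names and sample banners are constructed for illustration, and a banner is only a hint because it can be altered or a fix can be backported without a version bump.

```python
import re

# Fixed versions as stated in the message above.
OPENSSH_FIXED = (2, 3, 0)   # OpenSSH 2.3.0 and newer
SSH1_FIXED = (1, 2, 32)     # ssh-1.2.32

BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")


def version_tuple(text):
    """Leading dotted number as a 3-tuple: '2.2.0p1' -> (2, 2, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def classify_banner(banner):
    """Return 'ssh1-disabled', 'fixed', 'needs-upgrade' or 'unknown'."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unknown"
    proto = (int(m.group(1)), int(m.group(2)))
    software = m.group(3)
    # A 2.0 banner means protocol 1 is not offered; 1.5 and 1.99 mean it is.
    if proto >= (2, 0):
        return "ssh1-disabled"
    if software.startswith("OpenSSH"):
        ver, fixed = version_tuple(software[len("OpenSSH"):].lstrip("_-")), OPENSSH_FIXED
    else:
        ver, fixed = version_tuple(software), SSH1_FIXED
        # Only the ssh-1.2.x line has a fixed version named in this thread.
        if ver is None or ver[:2] != (1, 2):
            return "unknown"
    if ver is None:
        return "unknown"
    return "fixed" if ver >= fixed else "needs-upgrade"


def audit(banners):
    """Map each banner to its verdict."""
    return {b: classify_banner(b) for b in banners}


# Constructed sample banners, not taken from real hosts.
SAMPLES = ["SSH-1.99-OpenSSH_2.2.0p1", "SSH-1.99-OpenSSH_2.3.0",
           "SSH-2.0-OpenSSH_2.2.0", "SSH-1.5-1.2.27", "SSH-1.5-1.2.32"]

if __name__ == "__main__":
    for b, verdict in audit(SAMPLES).items():
        print(f"{verdict:14} {b}")
```

Banners from other products named in the advisory come back as `unknown`, since this thread gives no fixed version for them.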


