[NBLUG/talk] openssh exploit?

Mitch Patenaude mrp at sonic.net
Tue Sep 16 10:42:09 PDT 2003


On Tuesday, Sep 16, 2003, at 10:31 US/Pacific, Daniel Smith wrote:

>>  >>a) how serious is the openssh
>>  >>problem, and b) the idea of switching to lsh?
>>
>
> Before someone goes into "duh, a root login is
> serious" mode, let me rephrase that :-)
>
> "is it a wide open, easy to exploit hole, or is
> it something more theoretical?"

According to the buzz (Slashdot and the full disclosure list), there is 
an active exploit in the wild -- a worm.  Several ISPs have started 
blocking port 22 both because of root exploits on their servers, and 
because the worm actively makes MANY connection requests looking for 
the right offset, creating a DOS.

I've shut off forwarding to port 22 on my firewall for now.  
Apparently, OpenSSH 3.7 fixes this bug (buffer overflow in buffer.c, 
the exploit is apparently from reverse engineering the fix.)  But I 
can't find 3.7 on any of the mirrors, and the main site is overwhelmed 
(unsurprisingly.)

   -- Mitch



