Fwd: Re: [Full-Disclosure] new ssh exploit?

Mike Tancsa mike at sentex.net
Mon Sep 15 17:52:04 PDT 2003


Has anyone around here heard of this?

         ---Mike


>Subject: Re: [Full-Disclosure] new ssh exploit?
>From: christopher neitzert <chris at neitzert.com>
>Reply-To: chris at neitzert.com
>To: full-disclosure at lists.netsys.com
>Date: Mon, 15 Sep 2003 13:48:34 -0400
>
>More on this;
>
>The systems in question are FreeBSD, RedHat, Gentoo, and Debian all
>running the latest versions of OpenSSH.
>
>The attack makes an enormous amount of ssh connections and attempts
>various offsets until it finds one that works permitting root login.
>
>I have received numerous messages from folks requesting anonymity or
>direct-off-list-reply confirming this exploit;
>
>The suggestions I have heard are:
>
>Turn off SSH and
>
>1. upgrade to lsh.
>
>or
>
>2. add explicit rules to your edge devices allowing ssh from only-known
>hosts.
>
>or
>
>3. put ssh behind a VPN on RFC-1918 space.
>
>thanks.
>
>
>
>
>On Mon, 2003-09-15 at 12:02, christopher neitzert wrote:
> > Does anyone know of or have source related to a new, and unpublished ssh
> > exploit?  An ISP I work with has filtered all SSH connections due to
> > several root level incidents involving ssh. Any information is
> > appreciated.
> >
> >
>--
>Christopher Neitzert - GPG Key ID: 7DCC491B

--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike at sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike
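
Added example, not part of the original mail or of any project's code: a sliding-window check for the behaviour the forwarded message reports (a very large number of ssh connections from one source), run over constructed log lines in the style of sshd's verbose "Connection from" messages. The threshold, window, host name, addresses and the `known_hosts` allowlist (mirroring suggestion 2) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches syslog-style lines such as:
#   Sep 15 12:00:00 gw sshd[4000]: Connection from 192.0.2.66 port 40000
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\sConnection from (\S+) port \d+"
)

def find_bursts(lines, threshold=5, window=timedelta(seconds=10),
                known_hosts=frozenset(), year=2003):
    """Return {source: peak connection count inside any window} for every
    source outside known_hosts that reaches `threshold` connections."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) in known_hosts:
            continue
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > window:      # drop connections older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m.group(2)] = max(peaks.get(m.group(2), 0), len(q))
    return peaks

def make_sample():
    """Constructed log lines (documentation addresses, made-up host 'gw')."""
    lines = [f"Sep 15 12:00:{i // 2:02d} gw sshd[{4000 + i}]: "
             f"Connection from 192.0.2.66 port {40000 + i}" for i in range(8)]
    lines += [f"Sep 15 12:{5 * i + 1:02d}:00 gw sshd[{5000 + i}]: "
              f"Connection from 198.51.100.7 port {50000 + i}" for i in range(3)]
    lines.append("Sep 15 12:20:00 gw sshd[6000]: Accepted publickey for admin "
                 "from 198.51.100.7 port 50010 ssh2")
    return lines

if __name__ == "__main__":
    for src, peak in find_bursts(make_sample()).items():
        print(f"{src}: {peak} connections within 10s")
```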


