On 30 Oct 2008, Lisa Kachold chatted thus:

SSH buffer overflow exploit - season to taste:
http://www.milw0rm.org/exploits/6804

Looks like this one is exploiting after authenticating as root. I presume
the idea is that you could auth as someone else and still get root access.

my $user = "root";
my $pass = "yahh";

$ssh2->auth_password($user, $pass) || "[-] Incorrect credentials\n";

Was a die left out?

$ssh2->connect($ip, $port) || die "[-] Unable to connect!\n";

History:

OpenSSH Challenge Response Buffer Overflow: 
http://www.securityfocus.com/bid/5093

Report 2001 - updated last Nov 05 2007 02:45PM
Other boundary exploits, Kerberos, auth and encryption exploits and overflows
exist making encroachment via SSH trivial.

It's been almost a year since the update with no update on the update :(.

Everybody was too busy reacting to the Debian problem?

###
**UPDATE: One of these issues is trivially exploitable and is still
present in OpenSSH 3.5p1 and 3.4p1. Although these reports have not been
confirmed, administrators are advised to implement the OpenSSH
privilege-separation feature as a workaround.
###

I'd think the OpenBSD guys would have denied or confirmed this.

/me switches back to telnet.  ;-)

ciao,

der.hans
--
#  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
#  "If I want my children to work hard, I better be the hardest working
#  person they've ever met. If I want the children to be nice, I better
#  be the kindest human being they've ever met." -- Rafe Esquith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us