oka.. corectatzi-ma daca ma inshel... da' securityfocus zice cum ca
-- its the crc32 compensation attack, but the compensation in the fix was vulnerable to a very subtle bug. detailed by the illustrious zalewski (at bindview): http://razor.bindview.com/publish/advisories/adv_ssh1crc.html from the advisory: ** Vulnerable: SSH 1.2.24 - 1.2.31 (ssh.com) -- all versions to date of release of this advisory F-SECURE SSH 1.3.x -- all recent releases OpenSSH prior to 2.3.0 (unless SSH protocol 1 support is disabled) OSSH 1.5.7 (by Bjoern Groenvall) and other ssh1/OpenSSH derived daemons ** Not vulnerable: SSH2 (ssh.com): all 2.x releases NOTE: SSH2 installations with SSH1 fallback support are vulnerable OpenSSH 2.3.0 (problem fixed) SSH 1.2.32 (ssh.com, released 10/22/2001) SSH1 releases prior to 1.2.24 (vulnerable to crc attacks) Cisco SSH (own implementation) LSH (SSH protocol 1 not supported) ** Other SSH daemons: not tested --EOF-- nu am gasit pe nicaieri in afara de rlug ceva despre 3.0.1 vulnerabil btw... -- jay@BSD ~$ telnet 0 22 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20010713 ^] telnet> q Connection closed. jay@BSD ~$ --EOF-- ...this vulnerable u think ? si btw.. upgrade sshd to WHAT???? daca zicetzi ca si 3.0.1 e vulnerabil ??? -- Jaymzu --- Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to unsubscribe from this list.
