[12971] in bugtraq
Re: SSH-1.2.27 & RSAREF2 exploit
daemon@ATHENA.MIT.EDU (Wakko Ellington Warner-Warner III)
Wed Dec 15 13:22:26 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Message-Id: <Pine.LNX.4.02.9912150445350.27309-100000@wakko.bitey.net>
Date: Wed, 15 Dec 1999 04:50:08 -0500
Reply-To: Wakko Ellington Warner-Warner III <wakko@WTOWER.COM>
From: Wakko Ellington Warner-Warner III <wakko@WTOWER.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3856C3EF.230F0AE@core-sdi.com>
Content-Transfer-Encoding: 8bit
On Tue, 14 Dec 1999, [iso-8859-1] Iván Arce wrote:
> Ok, here is the exploit for SSH-1.2.27 compiled with RSAREF2.
> It was tested against sshd running on Linux (Redhat 6.0) and OpenBSD
> 2.6,
> from a Linux Redhat 6.0 box.
> The exploit is more or less "script-kid-proof" since if it doesnt work a
> bit of
> debugging, coding and probably crypto skills are needed to make it work.
Why was the code even posted to the list if it's basically useless? I
wanted to check out my own machine with a working exploit, and I'm sure
most of the people that read this list wanted to do the same. Now we're
going to have to wait for someone to take the time to "fix" your code up
and repost it to the list in working form. Posting broken code that
anything beyond a trivial amount of work won't fix is just a waste of
time.
- Alex Prestin
--
"Despite the fact that all of my information about drugs is either
anecdotal or based on biased, often wildly inaccurate propaganda, I
think I am completely qualified to label all those who use drugs as
unworthy of the full-human status that I claim just for having a
beating heart (pumping squeaky-clean blood, no less!)" - seen on /.
- - - -36- - - -
NIC: AP5514 http://bitey.net wakko@bitey.net
