[12981] in bugtraq
Re: SSH-1.2.27 & RSAREF2 exploit
daemon@ATHENA.MIT.EDU (Speed)
Wed Dec 15 19:42:44 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.3.93.991215160105.3228A-100000@linux.dpilink.com>
Date: Wed, 15 Dec 1999 16:07:11 -0500
Reply-To: Speed <speed@LINUX.DPILINK.COM>
From: Speed <speed@LINUX.DPILINK.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3856C3EF.230F0AE@core-sdi.com>
Content-Transfer-Encoding: 8bit
However, don't be complacent because this particular exploit is not Kid
Tested. A quite functional exploit of this vulnerability has been around
since at least 1998 (and that is only to my knowledge).
Moral of the story: patch your system or get rid of sshd 1.2.2x
On Tue, 14 Dec 1999, [iso-8859-1] Iván Arce wrote:
> The exploit is more or less "script-kid-proof" since if it doesnt work a
> bit of
> debugging, coding and probably crypto skills are needed to make it work.
