[8386] in bugtraq
SSHD Exploit
daemon@ATHENA.MIT.EDU (Justin Foutts)
Tue Nov 3 22:02:26 1998
Date: Sun, 1 Nov 1998 17:05:07 -0500
Reply-To: Justin Foutts <jfoutts@APOLLO.GTI.NET>
From: Justin Foutts <jfoutts@APOLLO.GTI.NET>
To: BUGTRAQ@NETSPACE.ORG
On a system I administer I found a program named sshdwarez.c in one of my
user's home directories. Upon further inspection I found that this was
the source code of an x86/Linux remote buffer overflow exploit for sshd
versions 1.2.26 and below. I have tested this exploit on a number of my
systems and have obtained remote root access on each one. I will not post
this exploit as it could give crackers a tool to gain unauthorized access
to systems. I STRONGLY recommend that everyone upgrade their versions of
sshd as soon as possible.
Thanks!
Justin
