and from reading the security advisory it looks like it's a DOS vuln, but NOT a remote root
quoting FreeBSD Security Advisory FreeBSD-SA-03:12.openssh """ When a packet is received that is larger than the space remaining in the currently allocated buffer, OpenSSH's buffer management attempts to reallocate a larger buffer. During this process, the recorded size of the buffer is increased. The new size is then range checked. If the range check fails, then fatal() is called to cleanup and exit. In some cases, the cleanup code will attempt to zero and free the buffer that just had its recorded size (but not actual allocation) increased. As a result, memory outside of the allocated buffer will be overwritten with NUL bytes.
III. Impact
A remote attacker can cause OpenSSH to crash. The bug is not believed to be exploitable for code execution on FreeBSD.
"""
I have seen reports of a remote-root exploit, but not confirmed ones.
still, serious though.
On Tuesday, September 16, 2003, at 03:30 PM, Grigsby, Garl wrote:
I am assuming that most of you have heard that there is a) a new SSH vulnerability and b) that there appears to be an exploit available. (See the link below for more information).
What I would like to know is if anybody has seen somewhere I can get my hands on the exploit. I would like to see what it looks like when it attacks a machine. A friend of my might have already been hit. He saw some unusual activity on his system and pulled the network connection, but we are not sure if he has been root'd or not. I would like to try this on one of my systems and see what shows in the logs.
Thanks, Garl
http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172
======================================================================= Garl R. Grigsby Senior Customer Applications Engineer - I-DEAS CAE & FEMAP Support ----------------------------------------------------------------------- EDS PLM Solutions Phone: (800) 955-0000 Global Technical Access Center FAX: (541) 342-8277 1750 Willow Creek Circle Email: [EMAIL PROTECTED] Eugene, OR 97402 Internet: http://support.plms-eds.com ======================================================================= -FEA makes a good engineer great, and a poor engineer dangerous- =======================================================================
_______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
-- "The Internet is falling" --C. Little 2003
_______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
