I am worried that if it is an OpenSSH 0day how much damage should I expect. However SANS doesn't seem to think it's real.
James

On Thu, Jul 9, 2009 at 12:46 PM, Kaspar Mendev <[email protected]> wrote:
> See also their update http://isc.sans.org/diary.html?storyid=6760
>
> > Though like frank^2 says, we'll see what we'll see.
> >
> > ----- Original Message -----
> > From: frank^2
> > Sent: 07/09/09 01:09 am
> > To: Anderson Kaiser
> > Subject: Re: [Full-disclosure] [Rumor] SSH 0-day
> >
> On Wed, Jul 8, 2009 at 1:58 PM, Anderson Kaiser wrote:
> > 2009/7/8 Martin Spinassi :
> >> Hi list,
> >>
> >>
> >> I've been reading around (openssh mailing list, some forums, etc.) a
> >> rumor about a 0-day exploit in openssh. Does anybody know if there is
> >> *really* something like this in the wild?
> >>
> >>
> >> Cheers
> >>
> >>
> >> Martin
> >>
> >
> > This attack sounds more like a brute-force attack than a 0-day. You
> > can see it in the original post.
>
> There's also the ominous anonymous comment left by a fellow on a blog:
> http://isc.sans.org/diary.html?storyid=6742
>
> The significant stuff: "Expect the SSH exploit to be made public
> before BH/DC. I have proof that I can't share (sorry), that this
> exploit does exist, does not work against current versions of SSH, and
> is actively being used by members of the anti-sec movement."
>
> Signs seem to be pointing to hoax, old exploit or non-exploit, though.
> Unfortunately there's really not quite enough information to make an
> assessment yet, IMHO.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
