[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] new ssh exploit?

To: chris@xxxxxxxxxxxx
Subject: Re: [Full-Disclosure] new ssh exploit?
From: Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 16 Sep 2003 08:50:54 +1000 (Australia/ACT)

In some mail from christopher neitzert, sie said:
> 
> Does anyone know of or have source related to a new, and unpublished ssh
> exploit?  An ISP I work with has filtered all SSH connections due to
> several root level incidents involving ssh. Any information is
> appreciated.

I wonder if this is in any way related to an incident I heard about on
efnet's #openbsd where someone at a european con (hack the planet?)
mentioned that details of a new openssh exploit had been taped to the
openbsd tent (on the outside) whilst all the openbsd ppl were inside,
drunk?

I suppose if there is any merit to that story (and I'd rank it as no
more than heresay myself, but it does paint a good picture of college
level kids :) and it was details of some new vulnerability for which
there is an exploit then it has been around for a while...assuming,
of course, it is the same "bug".

Still, as far as stories go, I like it :)

My $0.02 worth :)

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] new ssh exploit?
  - From: christopher neitzert

Prev by Date: Re: [Full-Disclosure] IE Object Type Validation Vulnerability Exploit
Next by Date: Re: [Full-Disclosure] IE Object Type Validation Vulnerability Exploit
Previous by thread: RE: [Full-Disclosure] new ssh exploit?
Next by thread: Re: [Full-Disclosure] Blocking Music Sharing
Index(es):
- Date
- Thread