[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Remote root in LSH

To: Jeremiah Cornelius <jeremiah@xxxxxxx>
Subject: Re: [Full-Disclosure] Remote root in LSH
From: Michael Renzmann <security@xxxxxxxxxx>
Date: Fri, 19 Sep 2003 20:41:56 +0200

Hi.

Jeremiah Cornelius wrote:

After reading about a theoretical remote hole in OpenSSH and many
detractors smugly saying that they weren't vulnerable because they run LSH
(a free alternative), I'd like to present a working remote root exploit
against LSH version 1.4.x.
Enjoy.

O.K. Already! You rock.

So, can anyone confirm that the patch which was posted sooner today fixes this probllem?

Bye, Mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Remote root in LSH
  - From: Haggis
- Re: [Full-Disclosure] Remote root in LSH
  - From: Jeremiah Cornelius

Prev by Date: RE: [Full-Disclosure] Sample of Swen/Gibe.F Worm
Next by Date: Re: lsh patch (was Re: [Full-Disclosure] new ssh exploit?)
Previous by thread: Re: [Full-Disclosure] Remote root in LSH
Next by thread: [Full-Disclosure] [SECURITY] [DSA-385-1] New hztty packages fix buffer overflows
Index(es):
- Date
- Thread