[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [Rumor] SSH 0-day

To: Anderson Kaiser <alpkaiser@xxxxxxxxx>
Subject: Re: [Full-disclosure] [Rumor] SSH 0-day
From: "frank^2" <frank2@xxxxxxxxx>
Date: Wed, 8 Jul 2009 16:09:31 -0700

On Wed, Jul 8, 2009 at 1:58 PM, Anderson Kaiser<alpkaiser@xxxxxxxxx> wrote:
> 2009/7/8 Martin Spinassi <martins.listz@xxxxxxxxx>:
>> Hi list,
>>
>>
>> I've been reading around (openssh mailing list, some forums, etc.) a
>> rumor about a 0-day exploit in openssh. Does anybody knows if there is
>> *really* something like this in the wild?
>>
>>
>> Cheers
>>
>>
>> Martin
>>
>
> This attack sounds more like a brute-force attack than a 0-day. You
> can see it in the original post.

There's also the ominous anonymous comment left by a fellow on a blog:
http://isc.sans.org/diary.html?storyid=6742

The significant stuff: "Expect the SSH exploit to be made public
before BH/DC. I have proof that I can't share (sorry), that this
exploit does exist, does not work against current versions of SSH, and
is actively being used by members of the anti-sec movement."

Signs seem to be pointing to hoax, old exploit or non-exploit, though.
Unfortunately there's really not quite enough information to make an
assessment yet, IMHO.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] [Rumor] SSH 0-day
  - From: Martin Spinassi
- Re: [Full-disclosure] [Rumor] SSH 0-day
  - From: Anderson Kaiser

Prev by Date: [Full-disclosure] MySQL <= 5.0.45 post auth format string vulnerability
Next by Date: [Full-disclosure] Lotus Sametime User Enumeration Vulnerability - Security Advisory - SOS-09-004
Previous by thread: Re: [Full-disclosure] [Rumor] SSH 0-day
Next by thread: Re: [Full-disclosure] [Rumor] SSH 0-day
Index(es):
- Date
- Thread