OpenSSH 3.7.1p2

Jonas Norlander jonas.norlander at ovikonline.com
Thu Sep 25 15:26:13 PDT 2003


On Wed, Sep 24, 2003 at 04:37:38PM -0500, Dagmar d'Surreal wrote:
> On Wed, 2003-09-24 at 16:24, Bully Cillóniz wrote:
> > well i havent seen any proof of concept yet. So i dont know how vital it is 
> > to patch the src code.
> 

Did just saw this in my logs. Anybody know wat this is?

8<---
Sep 24 14:55:21 venus sshd[22729]: Did not receive identification string from 80.132.254.232
Sep 24 16:39:24 venus sshd[23074]: Bad protocol version identification ' û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H' from 80.132.254.232
Sep 24 18:21:32 venus sshd[23540]: Bad protocol version identification ' û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H û^I^H' from 80.132.254.232
---

> Well, since the patches are pretty small, someone who actually knows C
> and knows their way around shell code probably wouldn't need to spend
> more than a day coming up with their own working exploit independently
> of the tools that a few people probably already have, even though at the
> current time it's presumed that a non-average configuration has to be in
> effect for these bugs to be vulnerable to remote code execution.  This
> is not to say that with a normal configuration these bugs might not
> represent a DoS vulnerability to the sshd service.
> 
> In any case, flaws in an authentication/access mechanism should always
> have slightly higher priority than normal bugs, so if you've got nothing
> else "on fire" at the moment, upgrading OpenSSH should be at the top of
> your list of things to fix.



More information about the lfs-security mailing list