LinuxNews.pl: SSH bug
Feb 10, 2001, 21:00
[ Thanks to linuxnews.pl for this link. ]
"A vulnerability which can be very dangerous for a lot of *nix servers has been discovered. The bug is in the ssh server, and it can be used to perform a remote root exploit. The problem concerns all ssh versions from ssh.com, OpenSSH < 2.3.0 and ssh from f-secure."
"Being sentenced to use MS Windows 2000 for the past week or so, I've finally managed to install Linux on my workstation. Unfortunately, as I've been really frustrated by all the paperclips and so on, I've decided to spend this night on something more productive than idling on irc. And it happened. To be short:"
"Both OpenSSH and 'classical' ssh daemons are vulnerable to a remote arbitrary memory overwrite attack, which would, in my humble opinion, lead to direct root compromise. I haven't exploited it, and I have not the slightest will to do it (I guess the last thing we need is an exploit flying in the wild)... Certainly it requires the attacker to understand SSH algorithms and internals, and isn't just copy-and-paste programming. This attack can be performed with almost no knowledge about the victim machine."