Re: [Nolug] Re: [brlug-general] I hope everyone has either patched or secured their SSH servers.

From: Alex <alex_at_boxchain.com>
Date: Tue, 16 Sep 2003 19:39:13 -0500
Message-ID: <3F67AD31.3040504@boxchain.com>

Scott Harney wrote:
> This confluence of events coupled with the critical nature of the ssh
> service is a big deal in my book. some discussion on the list assert
> that it is not an exploitable hole but a DoS (sshd will crash). That's still
> a big deal in my book.

It doesn't take long at all to write an exploit for a published buffer
overflow. You want a link? EFNet.

And even though it's not an exploit, but a Dos, that'll really cause
problems to people who remote admin their boxen. Especially coupled
with an established exploit, so the admin can't login to patch things up
while their machine remains under the control of some whacker.

-- 
Alex McKenzie     alex@boxchain.com     http://www.boxchain.com
___________________
Nolug mailing list
nolug@nolug.org
Received on 09/16/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST