NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 2001-12

From: Przemyslaw Frasunek (venglinfreebsd.lublin.pl)
Date: Sun Dec 02 2001 - 15:42:13 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sunday 02 December 2001 22:39, slamdunk wrote:

> Dec 2 01:02:45 www sshd[15029]: fatal: Local: Corrupted

Yes, this is attempt to exploit remote CRC32 integer overflow. Probably it
wasn't successful if logs were not removed.

> Running SSH Version OpenSSH-1.2.2, protocol version 1.5.
> Compiled with SSL.
> Need I be worried?

This version of OpenSSH is definitely vulnerable, but circulating exploits
probably doesn't 'support' it. Please upgrade as soon as possible to at least
OpenSSH 2.3.0.

-- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw

frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *

To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]