lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200309152250.h8FMosXv011190@caligula.anu.edu.au>
From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: new ssh exploit?

In some mail from christopher neitzert, sie said:
> 
> Does anyone know of or have source related to a new, and unpublished ssh
> exploit?  An ISP I work with has filtered all SSH connections due to
> several root level incidents involving ssh. Any information is
> appreciated.

I wonder if this is in any way related to an incident I heard about on
efnet's #openbsd where someone at a european con (hack the planet?)
mentioned that details of a new openssh exploit had been taped to the
openbsd tent (on the outside) whilst all the openbsd ppl were inside,
drunk?

I suppose if there is any merit to that story (and I'd rank it as no
more than heresay myself, but it does paint a good picture of college
level kids :) and it was details of some new vulnerability for which
there is an exploit then it has been around for a while...assuming,
of course, it is the same "bug".

Still, as far as stories go, I like it :)

My $0.02 worth :)

Darren


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ