lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200309182211.h8IMBvr26200@eday-fe5.tele2.ee>
From: glast at everyday.com (gordon last)
Subject: new openssh exploit in the wild!

hi readers,
while i was staying idle in an so called 0day release channel on one irc network some scriptkiddies were
talking about an new 0day release.

in my backlog i can see the following:
---cut
08:09 [R4lph]	*** r3t0r (r4lph@xxx) has joined channel #0dayz
08:09 [R4lph]	0day: http://www.anzwers.org/free/m0nkeyhack/0d/
---cut

i looked at this piece of exploit... it is binary so i'am not sure if this is a trojan or a backdoor or a virus. but i can't see anything strange while sniffing the exploit traffic. and i got root on serveral of my openbsd boxes with that. the bruteforcer seems to be very good.

i too looked at "strings theosshucksass" and found nothing suspicious.

this exploit seems to be in the wild (underground) since beginning of august.

thats quite a long time i hope most admins are patching the systems now... because the exploit is getting round faster and faster.

if anyone can reverse engineer this piece it would be great if he posts his resulsts on his list because iam really intressted on the exploiting technique used for that bug.

i cant get an idea on how to exploit this.

hmm...
regards,
glast



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030919/1c13acae/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ