October 3rd, 2002, 08:12 PM
Im sure most of you are aware all the ssh exploits and I wanted to let this community know that openssh 3.4 IS exploitable. There is a big fatty 0 day exploit that is being coded and we have compromised several of our own machines just to prove that it could be done. We our putting our finishing touches up on the exploit but i thought id give ya'll a heads up.
Just remember nothing is unbreakable.
October 3rd, 2002, 08:16 PM
Hopefully you'll post the exploit up online AFTER you've possibly created a patch for it.
(openssh is an opensource project as far as I remember, so this can be done I imagine. PM me/post here if I'm wrong, though.)
...This Space For Rent.
October 3rd, 2002, 08:26 PM
Yes, I would definitely be interested in that information, as would most of the AO community I'm sure. Thanks for the heads up.
Opinions are like
holes - everybody\'s got\'em.
October 10th, 2002, 09:29 PM
Thanks for the heads up man
October 10th, 2002, 09:38 PM
Thank you for letting us know, as many of us probably use or have some involvement with SSH in any way, shape, or form. Thank you and I hope that you can post more vulnerabilities as time progress'es as it is nice to know when they come out.
October 10th, 2002, 11:05 PM
I got my doubts on this one...
Besides, 7 days and still nothing...
Credit travels up, blame travels down -- The Boss