[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSH - remote exploit - any reported cases?



Hello,
	My firewall might have been compromised. It went down about a week
ago and I use a cryptocard based challenge-reponse login. However since it
is at another location and of little importance I haven't bothered to get my
but over to it and check the logs. I'll get back to misc later.

// Jörgen Boberg

-----Original Message-----
From: Kurt Seifried [mailto:openbsd_(_at_)_seifried_(_dot_)_org]
Sent: Thursday, July 11, 2002 2:01 PM
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: OpenSSH - remote exploit - any reported cases?


Just that. Are there any reported cases of remote compromise of a system due
to the challenge response bug (any system, openbsd or otherwise)? Or even
good suspicious cases?

In other words did anyone actually actively exploit the first remote hole in
the default install in 6 years?

Kurt Seifried, kurt_(_at_)_seifried_(_dot_)_org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/



Visit your host, monkey.org