[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSH - remote exploit - any reported cases?



On Thu, Jul 11, 2002 at 06:00:44AM -0600, Kurt Seifried wrote:
> Just that. Are there any reported cases of remote compromise of a system
due
> to the challenge response bug (any system, openbsd or otherwise)? Or even
> good suspicious cases?
>
> In other words did anyone actually actively exploit the first remote hole
in
> the default install in 6 years?
>
> Kurt Seifried, kurt_(_at_)_seifried_(_dot_)_org
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/

Some may argue the relevance of this, but this guy setup a Honeypot
using OpenBSD 3.0 and was soon compromised.  Twice even.

http://www.lucidic.net/whitepapers/manuzis-7-5-2002-1.html

--
Taveren (Ren West)
http://www.killdash9.org
GPG Public key - http://www.killdash9.org/taveren_gpgkey.pub

[demime 0.98d removed an attachment of type application/pgp-signature]