
Re: HEAD's UP: possible 0day SSH exploit in the wild



just update it!


2009/7/8 Leandro Minatel <leandrominatel@gmail.com>


On Wed, Jul 8, 2009 at 11:38 AM, Norbert Preining <preining@logic.at> wrote:
On Mi, 08 Jul 2009, Leandro Minatel wrote:
> Right you are!, but, don't forget that there are more than 65500 ports to

??? Are you talking about trying the exploit on every single port? Then
they would really be stupid. Calling nmap makes that much faster.

No, the code must be fixed if there is a hole, nothing else helps but
turning off ssh.

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining <preining@logic.at>        Vienna University of Technology
Debian Developer <preining@debian.org>                         Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
LUSBY (n.)
The fold of flesh pushing forward over the top of a bra which is too
small for the lady inside it.
                       --- Douglas Adams, The Meaning of Liff




No, of course not. Maybe I expressed myself "not in a proper way", sorry, English is not my natural language. AFAIK, nmap, by default, scans ports from 1 to 1024 and those listed in nmap-services. This allows me to "hide" ssh-server for the majority of mortals.

BTW, I agree with you, the code must be fixed, no doubt at all.

Regards
Leandro

