Recent breakins / SSHD root hole?

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Tue Jun 5 19:30:46 EST 2001


> the cracker used
> a weakness in the ssh daemon (OpenSSH 2.2) to gain root privileges."

we've been talking to some apache developers, at they said that it is
likely that the attacker gained root access by exploiting the
crc/malloc(0) bug in their old OpenSSH 2.2 daemon. this bug has been
mentioned earlier, may SSH v1 implementations suffer from the same bug.
the bug has been fixed in OpenSSH 2.3.1.



More information about the openssh-unix-dev mailing list