Information Security News
mailing list archives
Hackers Put A Price Tag On New Attack Tool
From: InfoSec News <isn () c4i org>
Date: Fri, 19 Oct 2001 13:28:39 -0500 (CDT)
By Brian McWilliams, Newsbytes
HOUSTON, TEXAS, U.S.A.,
18 Oct 2001, 4:34 PM CST
A new hacking tool is being actively used by attackers hoping to take
remote control of unpatched Unix-based systems, security experts
The tool appears to exploit a known bug in a popular authentication
technology called Secure Shell (SSH), according to Simple Nomad,
senior security analyst with Bindview Corporation. The security firm's
RAZOR team, a research and development group, discovered the flaw in
the SSH daemon, which it dubbed the crc32 vulnerability, last winter.
In its February advisory, Bindview stated that it was aware of no
working exploits for the overflow flaw in the SSH daemon. But last
week, rumors spread in the hacker underground that scripts were
available to gain "root" or system-level access to vulnerable systems.
And in recent days, system operators have posted reports on security
mailing lists saying they are receiving remote scans from attackers
attempting to locate vulnerable systems running SSH.
According to Roelof Temmingh, technical director for SensePost, an
information security consulting firm, several versions of the SSH
attack scripts have been available over Internet Relay Chat and other
online forums for approximately one week.
SSH is a technology developed by SSH Communications Security that
enables users to securely log into a remote system and move files. The
protocol is included with several Unix-based commercial operating
systems including Sun Solaris, IBM AIX, and HP-UX.
A free version of the protocol, known as OpenSSH, is integrated into
many open-source Unix-based operating systems, including versions of
Linux and BSD.
While the attack tools exploit a relatively old bug for which patches
were issued months ago, Temmingh reports that one individual was
asking for unspecified financial compensation for sharing the script -
a development which he views as ominous.
"At $1000 an exploit, who are you going to attract? People that will
pay that amount of money must surely be in a situation that will make
it worth their while," said Temmingh.