Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1812 |
Message | EXPLOIT gobbles SSH exploit attempt |
Summary | Secure Shell (SSH) is used to remotely manage systems over encrypted TCP sessions. This event is generated when an attempt is made to exploit vulnerable versions of the SSH daemon. |
Impact | System compromize presenting the attacker with either the opportunity to execute arbitrary code with the privileges of the user running the SSH daemon (usually root) or a possible Denial of Service (DoS). |
Detailed Information | OpenSSH versions prior to 3.3 contain a flaw that could allow a remote attacker to compromise a vulnerable SSH daemon via an integer overflow on systems with BSD_AUTH or SKEY options compiled and PAM authentication or Challenge Response Authentication enabled. Affected Systems: OpenSSH versions 2.9 to 3.2 |
Affected Systems | |
Attack Scenarios | Exploit scripts are available |
Ease of Attack | Simple. Exploits are available. |
Corrective Action | Upgrade to the latest non-affected version of the software. Apply the appropriate vendor supplied patches. Enable the privilege separation option in OpenSSH 3.3 if possible. |
Additional References | Securityfocus: http://www.securityfocus.com/bid/5093 |
Rule References | bugtraq: 5093 cve: 11031 cve: 2002-0390 cve: 2002-0639 |
--
DID:465829
--
http://www.aanval.com/