Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1811 |
Message | ATTACK-RESPONSES successful gobbles ssh exploit uname |
Summary | This event is generated when a remote user has exploited a flaw in a local SSH server. |
Impact | Serious |
Detailed Information | OpenSSH has a flaw in the challenge-response mechanism when configured with either the "PAMAuthenticationViaKbdInt" or the "ChallengeResponseAuthentication" options. This flaw can be exploited by a user who is not authenicated and can lead to the attacker obtaining a root shell. |
Affected Systems | OpenSSH versions 1.2 to 3.3, Solaris 9.0, IBM Linux Affinity Toolkit, and HP HP-UX Secure Shell A.03.10. |
Attack Scenarios | An attacker can cause the service to restart or hang, leaving the service unavailable to users. |
Ease of Attack | Simple. Exploit code available. |
Corrective Action | Upgrade to latest version of OpenSSH |
Additional References | Bugtraq: http://www.securityfocus.com/bid/5093 |
Rule References | bugtraq: 5093 cve: 2002-0390 cve: 2002-0639 nessus: 11031 |
--
DID:504070
--
http://www.aanval.com/