[Snort-sigs] rule documentation for ATTACK-RESPONSES successful gobbles ssh exploit (uname)

Josh.Sakofsky at ...1573... Josh.Sakofsky at ...1573...
Wed Jun 11 11:16:18 EDT 2003


Rule: ATTACK-RESPONSES successful gobbles ssh exploit (uname)

--
Sid: 1811

--
Summary: A remote user has exploited a flaw in a local SSH server.

--
Impact: Serious

--
Detailed Information: OpenSSH has a flaw in the challenge-response 
mechanism when configured with either the "PAMAuthenticationViaKbdInt"
or the "ChallengeResponseAuthentication" options. This flaw can be 
exploited by a user who is not authenicated and can lead to the 
attacker obtainins a root shell.
--
Affected Systems: OpenSSH versions 1.2 to 3.3, Solaris 9.0, IBM Linux 
Affinity Toolkit, and HP HP-UX Secure Shell A.03.10.

--
Attack Scenarios: An attacker can cause the service to restart or hang, 
leaving the service unavailable to users.

--
Ease of Attack: Trivial. Exploit code available.

--
False Positives: None Known

--
False Negatives: None Known

--
Corrective Action: Upgrade to latest version of OpenSSH

--
Contributors: Original rule writer unknown.
              Josh Sakofsky
-- 
Additional References: http://www.securityfocus.com/bid/5093
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20030611/ea2a0745/attachment.html>


More information about the Snort-sigs mailing list