Slashdot Mirror


New ssh Exploit in the Wild

veg writes "In the last few hours there have been several reports of a new ssh bug, with an exploit seemingly in the wild. Oh god not again... The lengths some people will go to to try and damage Theo's pride." Update: 09/17 00:24 GMT by T : friscolr writes "Hot on the heels of rev 1 of the buffer.adv advisory, here is revision 2, which fixes more than revision 1 did. Also see the 3.7.1 release notes."

19 of 754 comments

  1. Uh oh by Anonymous Coward · · Score: 5, Funny

    Best patch and upgr..&*[NO CARRIER]

  2. Public Service by Morologous · · Score: 5, Funny

    Posting this to slashdot is actually a public service, as the exploit description will be /.'d and unable to effectively be disseminated to the bad actors.

  3. Telnet by Henry+V+.009 · · Score: 5, Funny

    Thank god I'm using something secure like Telnet instead.

    1. Re:Telnet by fliplap · · Score: 2, Funny

      too bad you're running a stock Solaris installation!

  4. guess who by dwakeman · · Score: 5, Funny

    Damn trinity and her sshnuke...

  5. I saw this exploit used by teamhasnoi · · Score: 5, Funny
    I was at the local library, and some kids were on a computer, talking loudly. They seemed to be rather excited about something.

    A librarian peeked around the corner to see where the noise was coming from, then put her finger to her lips and said, "Ssh!"

    The kids ignored her and kept talking, completely and utterly exploiting the hole, and circumventing the 'Ssh'!

    Never was I so frightened.

  6. Re:Suggestions for a newbie? by p3d0 · · Score: 2, Funny
    tell them they are morons from AC on \.
    On backslashdot?
    --
    Patrick Doyle
    I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
  7. WOW!! by narratorDan · · Score: 4, Funny

    I just read all these replies (about 15 right now) and all of them are nice and respectful of the fact that this guy is a newbie!
    I must be on the wrong site.

    NarratorDan

    --
    "If you're not confused by quantum mechanics, you really don't understand it." - Niels Bohr
  8. Re:deceit by danormsby · · Score: 5, Funny

    Ssh, don't tell anyone.

    --
    Omnis amans amens
  9. Re:Does this affect Cygwin??? by funkman · · Score: 5, Funny

    You are already running windows. You have more serious problems.

  10. This is precisely... by devphil · · Score: 3, Funny


    ...why I always go back and add security holes to all of my programs. If some future (or current) anti-regime hacker needs to be able to break into a local power plant, I want to make sure my code can help!

    [I considered signing this post "love, Theo" but then thought better of it.]

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  11. Re:MOD PARENT DOWN by Syberghost · · Score: 5, Funny

    A demonstration would be nice.

    It'd serve you right if he gave you one. :-)

  12. Re:install base by ryanvm · · Score: 4, Funny

    The only really secure server is buried in concrete, unplugged and at the bottom of the deepest trench in the ocean. It's *probably* secure there, but I wouldn't bet my life on it.

    That's okay, I will.

    I bet this guy's life that a server on the bottom of the ocean is secure.

  13. Re:Uh oh - no funny by theLOUDroom · · Score: 4, Funny

    Yeah those "NO CARRIER" jokes just aren't fun@~%4!.z^%r#$% NO CARRIER

    --
    Life is too short to proofread.
  14. Re:Suggestions for a newbie? by metamatic · · Score: 2, Funny

    Something you seem to have missed is that Linux is open source, making it much easier to find exploitable holes. Imagine how many exploits would be uncovered in Windows if we could read the source code.

    In fact, you don't need to imagine it. Microsoft are on the record as stating that it's one of the reasons why they can't possibly reveal Windows source mode widely.

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  15. There's little time by JamesP · · Score: 2, Funny

    1. Make lsh incompatible w SCO UNIX
    2. ???
    3. WTF?
    4. Profit!!!

    --
    how long until /. fixes commenting on Chrome?
  16. Re:GOOD!! Red Hat, fix your RPMs!! by Zigg · · Score: 3, Funny

    I think you mean:

    Gentoo

    emerge ssh

    * GentooLamer has joined #gentoo
    <GentooLamer> recompiling ssh right now, got some good pr0n to watch in the meantime
    <fomit-instructions> yeah me too
    <gcc-O9> I'm out of pr0n I compiled KDE last week

  17. Re:See this comment for BSD patch and info by Jahf · · Score: 3, Funny

    don't you automatically trust flyingbuttmonkeys.com?

    --
    It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
  18. Re:mod parent up please by mkldev · · Score: 2, Funny
    Or somebody rooted Neils's box due to an OpenSSH exploit.... :-D

    --
    120 character sigs suck. Make it 250.