GEN:SID 1:1811
Message ATTACK-RESPONSES successful gobbles ssh exploit uname
Summary This event is generated when a remote user has exploited a flaw in a
local SSH server.
Impact Serious
Detailed Information OpenSSH has a flaw in the challenge-response mechanism when configured
with either the "PAMAuthenticationViaKbdInt" or the
"ChallengeResponseAuthentication" option. This flaw can be exploited by
a user who is not authenticated and can lead to the attacker obtaining a
root shell.
Affected Systems OpenSSH versions 1.2 to 3.3, Solaris 9.0, IBM Linux
Affinity Toolkit, and HP HP-UX Secure Shell A.03.10.
Attack Scenarios An attacker can cause the service to restart or hang, leaving the
service unavailable to users.
Ease of Attack Simple. Exploit code available.
Corrective Action Upgrade to the latest version of OpenSSH.
Additional References Bugtraq:
http://www.securityfocus.com/bid/5093
Rule References bugtraq: 5093
cve: 2002-0390
cve: 2002-0639
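
The Detailed Information and Affected Systems fields above can be turned into a host triage check that pairs the server's SSH banner with its sshd_config. This is an added example, not part of the original rule documentation; the function names, verdict labels and sample config are constructed for illustration, and unset options are flagged for review rather than assumed on or off.

```python
import re

# Options the page names as exposing the flawed challenge-response path.
RISKY = ("ChallengeResponseAuthentication", "PAMAuthenticationViaKbdInt")
# Affected OpenSSH range as stated on the page: 1.2 through 3.3.
AFFECTED_MIN, AFFECTED_MAX = (1, 2), (3, 3)
# Constructed sample: the first line wins, so the later "no" has no effect.
SAMPLE_CONFIG = """# constructed sample sshd_config
Port 22
challengeresponseauthentication yes
ChallengeResponseAuthentication no
PAMAuthenticationViaKbdInt no
"""

def parse_version(banner):
    """Extract (major, minor) from a banner such as 'SSH-2.0-OpenSSH_3.3p1'."""
    m = re.search(r"OpenSSH[_-](\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def effective_options(config_text):
    """Map each risky option to its configured value, or None if unset.
    sshd matches keywords case-insensitively and keeps the first value read."""
    wanted = {name.lower(): name for name in RISKY}
    found = dict.fromkeys(RISKY)
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = wanted.get(parts[0].lower())
        tokens = parts[1].split() if len(parts) == 2 else []
        if key and found[key] is None and tokens:
            found[key] = tokens[0].strip('"').lower()
    return found

def assess(banner, config_text):
    """Return (verdict, reasons) for one host."""
    version = parse_version(banner)
    if version is None:
        return "unknown", ["banner is not an OpenSSH banner"]
    if not AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "not-affected", ["version %d.%d is outside 1.2-3.3" % version]
    opts = effective_options(config_text)
    enabled = [k for k, v in opts.items() if v == "yes"]
    if enabled:
        return "exposed", ["%s yes" % k for k in enabled]
    unset = [k for k, v in opts.items() if v is None]
    if unset:
        return "review", ["%s unset, build default applies" % k for k in unset]
    return "options-disabled", ["both options set to no"]
```

A host reported as "options-disabled" or "review" still runs an affected version, so the Corrective Action above continues to apply to it.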