GEN:SID | 1:1811 |
Message | ATTACK-RESPONSES successful gobbles ssh exploit uname |
Summary | This event is generated when a remote user has exploited a flaw in a local SSH server.
|
Impact | Serious
|
Detailed Information | OpenSSH has a flaw in the challenge-response mechanism when configured with either the "PAMAuthenticationViaKbdInt" or the "ChallengeResponseAuthentication" options. This flaw can be exploited by a user who is not authenicated and can lead to the attacker obtaining a root shell.
|
Affected Systems | OpenSSH versions 1.2 to 3.3, Solaris 9.0, IBM Linux Affinity Toolkit, and HP HP-UX Secure Shell A.03.10.
|
Attack Scenarios | An attacker can cause the service to restart or hang, leaving the service unavailable to users.
|
Ease of Attack | Simple. Exploit code available.
|
Corrective Action | Upgrade to latest version of OpenSSH
|
Additional References | Bugtraq: http://www.securityfocus.com/bid/5093
|
Rule References | bugtraq: 5093
cve: 2002-0390
cve: 2002-0639
|