GEN:SID 1:1812
Message EXPLOIT gobbles SSH exploit attempt
Summary Secure Shell (SSH) is used to remotely manage systems over encrypted TCP
sessions. This event is generated when an attempt is made to exploit
vulnerable versions of the SSH daemon.
Impact System compromize presenting the attacker with either the opportunity to
execute arbitrary code with the privileges of the user running the SSH daemon (usually root) or a possible Denial of Service (DoS).
Detailed Information OpenSSH versions prior to 3.3 contain a flaw that could allow a remote attacker to compromise a vulnerable SSH daemon via an integer overflow on systems with BSD_AUTH or SKEY options compiled and PAM authentication or Challenge Response Authentication enabled.

Affected Systems:
    OpenSSH versions 2.9 to 3.2
Affected Systems  
Attack Scenarios Exploit scripts are available
Ease of Attack Simple. Exploits are available.
Corrective Action Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Enable the privilege separation option in OpenSSH 3.3 if possible.
Additional References Securityfocus:
http://www.securityfocus.com/bid/5093
Rule References bugtraq: 5093
cve: 2002-0390
cve: 2002-0639