Re: lug-bg: [Fwd: [Full-Disclosure] Remote root in LSH]

[Ivan Dimitrov <dobber@xxxxxxxxxx>]

oshte edin DoS prepraten ot sushtiq maillist. raboti i na 1.4. versii

From Full Disclosure
<cut>
Better question; thanks to a tip from a friend, I can provide
concrete evidence to the contrary.

This command:

    dd if=/dev/urandom bs=1024 count=1|nc <hostname> 22 >/dev/null

takes down an lsh-1.5.2 reliably taking no more than 2-3 tries on
average.

The same, both in the above form and with 10kb of urandom per blat,
doesn't bother openssh-3.7.1 for hundreds of tries.

I tried emailing this to lsh-bugs, got some moronic thing from some
idiot third-party anti-spam service "please send this special email
to this special place and we might think about letting your message
through". Right.

So much for lshd, at least for now. Back to the patch-n-grind of
openssh.
<cut>

On Fri, 2003-09-19 at 15:34, Boris Jordanov wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ако някой се е чувствал сигурен, защото ползва LSH...
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> 
> iD8DBQE/avfkKDHlLar/ewgRAmzzAJ9SmyyQTIZJtdP5aTCmiVBJ23jgawCeKSyk
> Th2e+TvXVv0+CcXZhi9gjd8=
> =4Abg
> -----END PGP SIGNATURE-----
> 
> 
> ______________________________________________________________________
> From: Haggis <haggis@xxxxxxxxxxxxxxxxxxxxxx>
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: [Full-Disclosure] Remote root in LSH
> Date: Fri, 19 Sep 2003 12:57:30 +0000
> 
> 
> After reading about a theoretical remote hole in OpenSSH and many detractors 
> smugly saying that they weren't vulnerable because they run LSH (a free 
> alternative), I'd like to present a working remote root exploit against LSH 
> version 1.4.x.
> 
> Enjoy.
-- 

Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!

Attachment: signature.asc
Description: This is a digitally signed message part