CIACTech02-001: Understanding the SSH CRC32 Exploit

Posted 12-24-2007

In recent months, many servers running SSH have been compromised using an exploit against the SSH CRC32 Compensation Attack Detector. The compromised machines either had not been upgraded to SSH protocol 2 or had not disabled fallback to SSH protocol 1. This attack allows a remote user to gain root access on a server.
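To audit for the two conditions named above (protocol 1 only, or protocol 2 with fallback to protocol 1), the following added example, which is not part of the advisory, classifies a server's SSH identification string and checks a server configuration. It assumes the standard version convention (1.x for protocol 1, 1.99 for protocol 2 with protocol 1 compatibility, 2.0 for protocol 2 only) and an OpenSSH-style `Protocol` keyword in `sshd_config`; the banners and software names are constructed samples.

```python
import re

# Identification string format: SSH-<protoversion>-<softwareversion>
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

def classify_banner(banner):
    """Return 'ssh1-only', 'ssh2-with-ssh1-fallback', 'ssh2-only' or 'not-ssh'."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "not-ssh"
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 1 and minor == 99:
        return "ssh2-with-ssh1-fallback"   # still accepts protocol 1 clients
    if major == 1:
        return "ssh1-only"
    if major >= 2:
        return "ssh2-only"
    return "not-ssh"

def offers_protocol1(banner):
    """True when the banner shows the server will speak SSH protocol 1."""
    return classify_banner(banner) in ("ssh1-only", "ssh2-with-ssh1-fallback")

def config_allows_protocol1(sshd_config_text):
    """True/False from the first 'Protocol' line (sshd uses the first value
    it reads for a keyword); None when the keyword is absent, in which case
    the effective setting is the build's default and must be checked there."""
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            return "1" in {v.strip() for v in parts[1].split(",")}
    return None

# Constructed sample banners (software names are placeholders).
SAMPLE_BANNERS = [
    "SSH-1.5-ExampleSSH_1.0",
    "SSH-1.99-ExampleSSH_2.0",
    "SSH-2.0-ExampleSSH_3.0",
    "220 mail.example.org ESMTP",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b!r}: {classify_banner(b)}, protocol 1 offered: {offers_protocol1(b)}")
    print(config_allows_protocol1("# constructed sample\nProtocol 2,1\n"))
```

A host is in the state the advisory describes when the banner check returns true or the configuration lists `1`; setting `Protocol 2` alone removes the fallback.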

