| GEN:SID | 1:1811 |
| Message | ATTACK-RESPONSES successful gobbles ssh exploit uname |
| Summary | This event is generated when a remote user has exploited a flaw in a local SSH server.
|
| Impact | Serious
|
| Detailed Information | OpenSSH has a flaw in the challenge-response mechanism when configured with either the "PAMAuthenticationViaKbdInt" or the "ChallengeResponseAuthentication" options. This flaw can be exploited by a user who is not authenicated and can lead to the attacker obtaining a root shell.
|
| Affected Systems | OpenSSH versions 1.2 to 3.3, Solaris 9.0, IBM Linux Affinity Toolkit, and HP HP-UX Secure Shell A.03.10.
|
| Attack Scenarios | An attacker can cause the service to restart or hang, leaving the service unavailable to users.
|
| Ease of Attack | Simple. Exploit code available.
|
| Corrective Action | Upgrade to latest version of OpenSSH
|
| Additional References | Bugtraq: http://www.securityfocus.com/bid/5093
|
| Rule References | bugtraq: 5093
cve: 2002-0390
cve: 2002-0639
|