Exploit OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21314
Проверка EDB
  1. Пройдено
Автор
MORGAN
Тип уязвимости
REMOTE
Платформа
UNIX
CVE
cve-2002-0083
Дата публикации
2002-03-07
Код:
source: https://www.securityfocus.com/bid/4241/info

OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris, and other UNIX-like operating systems.

A vulnerability has been announced in some versions of OpenSSH. An off-by-one error occurs in the channel code. A malicious client may exploit this vulnerability by connecting to a vulnerable server. Valid credentials are believed to be required, since the exploitable condition reportedly occurs after successful authentication. An examination of the code suggests this, but it has not been confirmed by the maintainer.

Administrators should assume that this can be exploited without authentication and should patch vulnerable versions immediately. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21314.tgz
 
Источник
www.exploit-db.com

Похожие темы