Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Sun, 27 May 2012 23:02:35 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1143941736&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0102-exploits%2Fssh1.crc32.txt%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1143941736.1338159755.1338159755.1338159755.1%3B%2B__utmz%3D32867617.1338159755.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/24347/ssh1.crc32.txt http://packetstormsecurity.org/files/24347/ssh1.crc32.txt http://packetstormsecurity.org/files/24347/ssh1.crc32.txt.html Thu, 22 Feb 2001 02:02:18 GMT This article discusses the recently discovered security hole in the crc32 attack detector as found in common ssh packages like OpenSSH and derivatives using the ssh-1 protocol. It is possible to exploit the crc32 hole to gain remote access to accounts without providing any password or to change login-uid if a valid account on the remote machine exists. Includes an exploit in the form of a set of patches to Openssh-2.1.1.