SSH has a security issue. Discovered in February, 2001 by security
analyst Michal Zalewski, the SSH CRC-32 bug is a very real buffer
overflow in a chunk of code designed to guard against cryptographic
attacks on SSH version one. Properly exploited, it grants full remote
access to the vulnerable machine.
"I think there are at least two public exploits in circulation right
now," said Zalewski, in a telephone interview. "They just got released
about a month after the advisory. And I know there are some that are not
public."
The actual program Trinity uses is fictitious -- there no "sshnuke,"
yet, and genuine exploits sensibly drop the user directly into a root
shell, while the big screen version forces the hacker to change the
system's root password -- in this case to "Z1ON1010.".
http://www.securityfocus.com/bid/2347
On Thu, 2003-05-15 at 20:56, Aaron Steimle wrote:
> Yeah, I caught a glimpse of a sshnuke. Not sure what it is I am guessing
> it is a app to crack ssh( real or imaginary).
>
> On Thu, 2003-05-15 at 19:38, Joseph Gruber wrote:
> > and then ssh'ing into 10.2.2.2 (at least that's the most of the ip I could
> > catch). Just a teensy weensy bit of the real "matrix". :)
> >
> >
> > -----Original Message-----
> > From: slug@lists.nks.net [mailto:slug@lists.nks.net] On Behalf Of Aaron
> > Steimle
> > Sent: Thursday, May 15, 2003 4:07 PM
> > To: slug@nks.net
> >
> > In Matrix Reloaded, there is a scene where Trinity is at a computer console
> > IN the matrix and in the shell you see that they just ran nmap. Made me
> > smile.
> >
> >
> >
> >
> >
>
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:01:43 EDT