search for: packetstormsecurity

...ciphers. The OpenSSH team also suggests a mitigation in which the CTR mode ciphers "may be preferentially selected" first in the ssh[d]_config files: Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt https://packetstormsecurity.com/files/72061/Vulnerability_Advisory_SSH.txt.html http://www.cs.washington.edu/homes/yoshi/papers/TISSEC04/ https://homes.cs.washington.edu/~yoshi/papers/TISSEC04/ssh-acmccs.pdf http://isg.rhul.ac.uk/~kp/SandPfinal.pdf https://lwn.net/Articles/307873/ http://www.openssh.com/security.html http:/...

...tyfocus.com/archive/1/265719 Oh and if people want to test their local systems against this bug..you can aquire the exploit at: (it should be noted that this version of the exploit is just meant for linux x86 targets. This does not mean this bug is not exploitable on other platforms) http://www.packetstormsecurity.nl/filedesc/icx.c.html <p>ltr, diz -------------- next part -------------- A non-text attachment was scrubbed... Name: icecast.txt Type: application/octet-stream Size: 4808 bytes Desc: icecast.txt Url : http://lists.xiph.org/pipermail/icecast/attachments/20020406/885b462f/icecast.obj