SSH integer overflow exploit v1.67

Vulnerability exploited: CVE-2001-0144 - BID-2347

Category: Exploits/Remote

Exploits a vulnerability present in some implementations of secure shell servers (usually sshd). It abuses an integer overflow in the code that is meant to detect a different cryptographic attack.
After successful exploitation, a level0 agent is installed. This level0 agent inherits the user identity and capabilities of the abused service. That is usually the super user, but in some configurations it may be any other user on the target system.

Supported Systems:
    Debian Linux 2.2 (i386)
    RedHat Linux 6.2 (i386)
    RedHat Linux 7 (i386)
    SSH 1.2.24 - 1.2.31 (ssh.com)
    F-Secure ssh 1.3.x
    OpenSSH prior to 2.3.0 (unless SSH protocol 1 support is disabled)
    OSSH 1.5.7 (by Bjoern Groenvall) and other ssh1/OpenSSH derived daemons


This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.