Exploit for SSH-1.2.27 compiled with RSAREF2. It was tested against sshd running on Linux (Redhat 6.0) and OpenBSD 2.6, from a Linux Redhat 6.0 box. The exploit is more or less "script-kid-proof" since if it doesnt work a bit of debugging, coding and probably crypto skills are needed to make it work. More information available here.
f5d81f91644fc5cbc5d955dffdf2e9e49303cd9490296a806aef8229ac7c24a0