http://www.debian.org/security/2002/dsa-134
Are we OK from this?
Craig
Craig Robinson - UKDedicated LTD
UK Dedicated Servers, Managed Dedicated Servers and Colocation at Centro, Hemel Hempstead.
not really OK at all, actually.
However, the peeps at openssh spawned their update that was scheduled for Monday a bit earlier (HOORAY)
http://www.openssh.com
I'm assuming Darkorb is going to latch on to this as well- but for now just an FYI that is what's available!
..............................
http://www.fastservers.net/
travis@fastservers.net
..............................
BTW a quick addendum:
This is only somewhat effective on RH 7.1 and EARLIER boxes----- 7.2 and 7.3 should be safe out of the box, as I've heard from various authorities. Also, after speaking with bdraco earlier he decrees the entire RedHat genre invulnerable to this, though the openssh 3.4 rpms will be gracing the cpanel update scene starting very, very soon.
I think RedHat is rpm-a-zizing the source as I type this, or perhaps it's released by now.
obviously www.openssh.com has anything technical you might want to know about this...........
..............................
http://www.fastservers.net/
travis@fastservers.net
..............................
There is no such thing as a totally secure computer. I think that we all learned in the last few days that the only way to secure a box is to keep it updated.
Many security "experts" said that 32-bit Unix-like servers are not affected by the latest Apache bug, and 24 hours after that we witnessed an exploit for OpenBSD, an OS that didn't have a remote exploit for the last 5 years in the default installation.
Also, according to news on some hacker sites, the same exploit for Solaris and Linux is also available in the underground....
All this, including the latest ssh exploit, leads us to only one conclusion:
We must pay attention to security to protect our business at least from persons with "script kiddie" knowledge.
Security is not a cheap thing, we all know that, but it's much cheaper than losing confidential information or clients.
Signed,
Dzevad Hadzic
We also know one more thing... Bill Gates wants our business really bad.
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
Anyone know when DarkOrb will be releasing an official updater/patch?
Urban Weigl
http://hostit365.com/
http://rhn.redhat.com/errata/RHSA-2002-127.html
This patch should go in tonight or tomorrow if you have security updates on.
Does this apply to RedHat/Linux 6.2 also?
thx's
Thunder Rain Internet Publishing
Providing Internet Solutions that work!
Custom Perl and Database Programming
[quote][i]Originally posted by bdraco[/i]
http://rhn.redhat.com/errata/RHSA-2002-127.html
This patch should go in tonight or tomorrow if you have security updates on.[/quote]
Hey Nick .... THANKS MAN!!!!
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
I messed with the apache exploit a little bit. That link that nick gave us a while back had source with it. Supposedly it would only work on OpenBSD but I noticed when I ran it on a RH7.1 machine running apache 1.3.20 (stupid POS plesk server) that it caused the child apache processes to sig11. I ran this exploit in a while true loop also just to see if I could totally kill apache and wasn't able to. Of course this was only an OpenBSD exploit but it does show that there is a flaw in the code.
cpanel's rpmup I believe will automatically upgrade openssh, as long as you guys didn't disable updates on your server, that is
Shaun Reitan
NDCHost.com - cPlicensing.net - ProVPS.com
Contact us for your cPanel Licensing needs! We Price Match, We provide Support, We take care of our customers!
How do I know if I am on the safe side or not? (i.e. how to check the ver. #'s)
I just enabled the automatic security update function after reading this, but how can I know it kicked off?
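
For the version check asked about above, an added example (not posted by anyone in this thread): a shell sketch that pulls the version out of an OpenSSH banner and compares it numerically against the 3.4 release mentioned earlier. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSH banner relative to release 3.4.
# On a real host the banner comes from:  ssh -V 2>&1   (it prints to stderr)

# Extract the dotted numeric version, e.g. "OpenSSH_3.1p1, ..." -> "3.1"
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when version $1 >= version $2, comparing field by field as numbers
# (so 3.10 is newer than 3.4, which a plain string comparison gets wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Print "at-or-above-3.4", "below-3.4" or "unknown" for a banner string.
classify_banner() {
    v=$(openssh_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" 3.4; then
        echo "at-or-above-3.4"
    else
        echo "below-3.4"
    fi
}

# Constructed sample banners (not captured from any real server).
for banner in \
    "OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f" \
    "OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f" \
    "OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f"
do
    printf '%-62s %s\n' "$banner" "$(classify_banner "$banner")"
done
```

A "below-3.4" result is a prompt to check the vendor advisory rather than proof of exposure, because a distribution package can carry the fix under an older upstream version number. On RPM-based systems, `rpm -q openssh` shows the installed package release to compare against the errata linked above, which also tells you whether the automatic update ran.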