SSH exploit

[sparek-3]

Anyone know how to go about upgrading SSH on CPanel servers (specifically Redhat 7.3) to patch the new SSH exploit? I don't want to risk doing something that could break the server. I would appreciate it if someone could give step-by-step instructions on how to patch this exploit.

Thanks

cPanel.net Support Ticket Number:

[NiN]

You can just run
#up2date -u
in your red hat box

To update it manually you can visit the information on this issue in https://rhn.redhat.com/errata/RHSA-2003-279.html just download and update the RPM packages

[WebNET]

I used a how-TO here......

http://forums.rackshack.net/showthre...hlight=OpenSSH

David K.

cPanel.net Support Ticket Number:

[sparek-3]

I tried downloading the rpms but it did not seem to install them. I tried running up2date but I am not registered. Does it cost anything to become a member and run up2date? We have several servers that will need to be updated, will this cause any problems?

cPanel.net Support Ticket Number:

[NiN]

Here you go a set-by-step for your rh7.3:

ssh to your box, as root:

mkdir openssh
cd openssh
wget ftp://updates.redhat.com/7.3/en/os/i386/openssh-3.1p1-10.i386.rpm
wget ftp://updates.redhat.com/7.3/en/os/i386/openssh-clients-3.1p1-10.i386.rpm
wget ftp://updates.redhat.com/7.3/en/os/i386/openssh-server-3.1p1-10.i386.rpm
rpm -Fvh *.rpm

Do that

[sparek-3]

I did that, but it didn't seem to do anything. The SSH version is still old

sshd version OpenSSH_3.1p1

cPanel.net Support Ticket Number:

[NiN]

Don't say « it didn't work » because no one can guess what is going on in you system ...

Try showing some output, errors, something!

[sparek-3]

root@mutter [~/openssh]# rpm -Fvh *.rpm
root@mutter [~/openssh]#

Sorry, I know I'm probably being somewhat of a pain, just if I mess up the SSH install, I won't have SSH access to go back and fix it. I'm trying to be as careful as possible.

cPanel.net Support Ticket Number:

[mpope]

Hello,

OpenSSH was updated in last nights /upcp (apparently)... can anyone from CPanel confirm that the patch for openssh has been applied ?

This is a large exploit, and something that I think should be addressed in WHM news... please do so asap! Thanks guys!

cPanel.net Support Ticket Number:

[jsteel]

Originally posted by sparek-3
I did that, but it didn't seem to do anything. The SSH version is still old

sshd version OpenSSH_3.1p1

cPanel.net Support Ticket Number:

Don't forget that Red Hat's RPMs are patched. Just because you see that 3.1p1 has an exploit from that codebase, doesn't mean Red Hat's RPM of 3.1p1 is susceptible. They don't always upgrade to newer source to fix an exploit, but rather patch the current sourc, so the version stays the same.

cPanel.net Support Ticket Number:

[GetWired]

Cpanel will update automatically, it did for me last night.

cPanel.net Support Ticket Number:

[sparek-3]

I think your right, CPanel did update SSH last night, the date on the sshd file was dated September 16th. At any rate, I upgraded all of our servers to the latest OpenSSH. I'll paste what I did below. Again thanks, to all that helped.

Code:

mkdir ssh
cd ssh
wget ftp://ftp.openbsd.org/pub/OpenBSD/Op...3.7.1p1.tar.gz
tar -zxf openssh-3.7.1p1.tar.gz
cd openssh-3.7.1p1

/usr/sbin/useradd -d /var/empty -c "sshd privsep" -s /bin/false sshd
chown root.root /var/empty

./configure --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh

make
make install

cPanel.net Support Ticket Number:

cPanel.net Support Ticket Number:

[NNNils]

When running upcp it says to me:

openssh is up to date (Fri Aug 8 05:16:53 2003)
openssh-server is up to date (Fri Aug 8 05:16:53 2003)
openssh-clients is up to date (Fri Aug 8 05:16:53 2003)

Is that okay?

cPanel.net Support Ticket Number:

[jamesbond]

Originally posted by NNNils
When running upcp it says to me:

openssh is up to date (Fri Aug 8 05:16:53 2003)
openssh-server is up to date (Fri Aug 8 05:16:53 2003)
openssh-clients is up to date (Fri Aug 8 05:16:53 2003)

Is that okay?

No, it should be Sep 16

Here's mine :

openssh is up to date (Tue Sep 16 13:23:07 2003)
openssh-server is up to date (Tue Sep 16 13:23:07 2003)
openssh-clients is up to date (Tue Sep 16 13:23:07 2003)

cPanel.net Support Ticket Number:

[NNNils]

For some reason it won't update on 1 servers, other servers are okay... Hmmm.

cPanel.net Support Ticket Number: