pirania1

Repost from RS forums

OpenSSH Buffer Exploit
Severity: CRITICAL

There have been several reports of a new ssh bug, with an exploit seemingly in the wild.

1. Versions affected:

All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. The attack makes an enormous number of SSH connections and attempts various offsets until it finds one that works, permitting root login. Priv sep does *not* seem to stop the attack (unless it's on OpenBSD). Hosts.allow/deny will stop it, as will any very restrictive firewall rules.

2. Solutions:

If you do any of this, you do so at your own risk and I take no responsibility if you hose your box.

Upgrade to OpenSSH 3.7 or use this patch

OpenSSH 3.7p1 on the master FTP:
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz

For Debian stable users:
apt-get update
apt-get upgrade
Debian Security List post

For Red Hat users:
Red Hat has not *yet* released a patch; however, you can manually install 3.7p1 or use the patch.

For Gentoo Users:
This is a workaround, since the ebuild update isn't there yet:
cd /usr/portage/net-misc/openssh/
cp openssh-3.6.1_p2.ebuild openssh-3.7_p1.ebuild
emerge -f openssh-3.7_p1.ebuild
ebuild openssh-3.7_p1.ebuild digest
emerge openssh-3.7_p1.ebuild
/etc/init.d/sshd restart

Please note this is just a repost, FYI. I do not answer questions about it, nor do I take any responsibility.
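
Added example (not part of the original post): a shell check that applies the post's "prior to 3.7" threshold to OpenSSH version strings, such as a line from `ssh -V` or a server identification banner. The function names and sample strings are constructed for illustration. It compares the upstream version number only, so a distribution package patched in place (the Debian route above) is still flagged and has to be confirmed against the vendor's advisory.

```shell
#!/bin/sh
# Added example: flag OpenSSH version strings older than 3.7, the release the
# post names as the fix. Function names here are hypothetical helpers.

# openssh_version STRING -> prints "MAJOR.MINOR" taken from an OpenSSH_x.y token,
# or nothing if the string does not contain one.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p' |
        head -n 1
}

# is_pre_37 STRING -> returns 0 if older than 3.7, 1 if 3.7 or newer,
# 2 if no OpenSSH version could be parsed.
is_pre_37() {
    ver=$(openssh_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    [ "$major" -lt 3 ] && return 0
    [ "$major" -eq 3 ] && [ "$minor" -lt 7 ] && return 0
    return 1
}

# classify STRING -> prints UPGRADE, OK or UNKNOWN.
# UPGRADE means "upstream version predates 3.7"; a vendor-patched package
# keeps its old version number, so verify the package before concluding.
classify() {
    rc=0
    is_pre_37 "$1" || rc=$?
    case $rc in
        0) echo "UPGRADE" ;;
        1) echo "OK" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# Constructed sample strings (not captured from real hosts).
for s in \
    'SSH-2.0-OpenSSH_3.6.1p2' \
    'SSH-1.99-OpenSSH_3.4p1' \
    'OpenSSH_3.7p1, SSH protocols 1.5/2.0' \
    'SSH-2.0-ExampleServer_1.0'
do
    printf '%-8s %s\n' "$(classify "$s")" "$s"
done
```

To check a local install, pass the tool's own output, for example `classify "$(ssh -V 2>&1)"`.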