The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenSSH exploit

Discussion in 'General Discussion' started by zex, Mar 8, 2002.

  1. zex

    zex Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Since openssh have posible remote exploit, does that mean that will cpanel update automaticly openssh rpm's or clients.
    Details about exploit are avaliable at
    http://www.pine.nl/advisories/pine-cert-20020301.html

    Also according to Brad Sprengler www.grsecurity.net all linux kernels version 2.4.x are vulnerable to local DoS attack (users can kill any process).
    It's recomended installing of patch avaliable from
    http://www.grsecurity.net/linux-2.4.18.secfix.patch
     
  2. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    How do i test?

    hello,

    how can i try to get root access from an account that doesnt have it to test to see if i have the patch working.
     
  3. zex

    zex Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Kernel exploit does not give you chance to get root.
    You can kill any process that you dont own, such as httpd, proftpd
    init etc..

    ssh exploit is still not publicly avaliable bit it's just mater of day when will become public avaliable :(

    I'm sugesting to all clients to update their openssh daemons to version 3.1 if cpanel auto-update dont do that already.

    I think that this is right place to ask cpanel team: Will cpanel update ssh or not?
    Acording to this
    {ns} root TC 22:07 [~]& rpm -q openssh
    openssh-2.9p2-1
    ssh is still not updated, but it will be probobly soon.
    If you dont want to wait get yourself fresh copy of openssh3.1.tar.gz and compile it by hand.
     
  4. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    I get this:
    # rpm -q openssh
    openssh-3.1p1-2
     
  5. bdraco

    bdraco Guest

    7.2 updates are tested and out there.
    7.1 should be out very soon
    6.2 is having some problems with openssh 3.1
    chmod -s /usr/bin/ssh if you already haven't
     
  6. dzevad

    dzevad Well-Known Member

    Joined:
    Oct 7, 2001
    Messages:
    95
    Likes Received:
    0
    Trophy Points:
    6
    I have RH 7.2 and Cpanel 4.5.0-37 and it reports &openssh is up to date&.
    But look at this:

    # ssh -V
    OpenSSH_2.9p2

    So is my box problem (in that case I could have more outdated packages) or there are others having this problem too?


    Dzevad
     
  7. zex

    zex Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Check for details on http://online.securityfocus.com/bid/4241

    Download fresh RH 7.2 packages from
    ftp://updates.redhat.com/7.2/en/os/i386/openssh-3.1p1-2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/openssh-clients-3.1p1-2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/openssh-server-3.1p1-2.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-3.1p1-2.i386.rpm

    After that do
    rpm -Uvh openssh*.rpm

    ;)
     
  8. dzevad

    dzevad Well-Known Member

    Joined:
    Oct 7, 2001
    Messages:
    95
    Likes Received:
    0
    Trophy Points:
    6
    It was already updated yesterday, probably by cpanel :)

    Dzevad
     
  9. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    I am on RH7.1 and mine upfated to 3.1 a fews days back ..no problems here... thanks Nick!
     
Loading...

Share This Page