The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH exploit

Discussion in 'General Discussion' started by sparek-3, Sep 17, 2003.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Anyone know how to go about upgrading SSH on CPanel servers (specifically Redhat 7.3) to patch the new SSH exploit? I don't want to risk doing something that could break the server. I would appreciate it if someone could give step-by-step instructions on how to patch this exploit.

    Thanks

    cPanel.net Support Ticket Number:
     
  2. NiN

    NiN Active Member

    Joined:
    Apr 30, 2003
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Braga, Portugal
  3. WebNET

    WebNET Active Member

    Joined:
    Jul 21, 2003
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA Brooklyn NYC
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I tried downloading the rpms but it did not seem to install them. I tried running up2date but I am not registered. Does it cost anything to become a member and run up2date? We have several servers that will need to be updated, will this cause any problems?

    cPanel.net Support Ticket Number:
     
  5. NiN

    NiN Active Member

    Joined:
    Apr 30, 2003
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Braga, Portugal
    Here you go a set-by-step for your rh7.3:

    ssh to your box, as root:

    mkdir openssh
    cd openssh
    wget ftp://updates.redhat.com/7.3/en/os/i386/openssh-3.1p1-10.i386.rpm
    wget ftp://updates.redhat.com/7.3/en/os/i386/openssh-clients-3.1p1-10.i386.rpm
    wget ftp://updates.redhat.com/7.3/en/os/i386/openssh-server-3.1p1-10.i386.rpm
    rpm -Fvh *.rpm

    Do that :D
     
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I did that, but it didn't seem to do anything. The SSH version is still old

    sshd version OpenSSH_3.1p1

    cPanel.net Support Ticket Number:
     
  7. NiN

    NiN Active Member

    Joined:
    Apr 30, 2003
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Braga, Portugal
    Don't say « it didn't work » because no one can guess what is going on in you system ... :rolleyes:

    Try showing some output, errors, something! ;)
     
  8. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    root@mutter [~/openssh]# rpm -Fvh *.rpm
    root@mutter [~/openssh]#

    Sorry, I know I'm probably being somewhat of a pain, just if I mess up the SSH install, I won't have SSH access to go back and fix it. I'm trying to be as careful as possible.

    cPanel.net Support Ticket Number:
     
  9. mpope

    mpope Well-Known Member

    Joined:
    Aug 16, 2001
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    OpenSSH was updated in last nights /upcp (apparently)... can anyone from CPanel confirm that the patch for openssh has been applied ?

    This is a large exploit, and something that I think should be addressed in WHM news... please do so asap! Thanks guys!

    cPanel.net Support Ticket Number:
     
  10. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    Don't forget that Red Hat's RPMs are patched. Just because you see that 3.1p1 has an exploit from that codebase, doesn't mean Red Hat's RPM of 3.1p1 is susceptible. They don't always upgrade to newer source to fix an exploit, but rather patch the current sourc, so the version stays the same.

    cPanel.net Support Ticket Number:
     
  11. GetWired

    GetWired Active Member

    Joined:
    Aug 4, 2003
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
  12. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I think your right, CPanel did update SSH last night, the date on the sshd file was dated September 16th. At any rate, I upgraded all of our servers to the latest OpenSSH. I'll paste what I did below. Again thanks, to all that helped.

    Code:
    mkdir ssh
    cd ssh
    wget [url]ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7.1p1.tar.gz[/url]
    tar -zxf openssh-3.7.1p1.tar.gz
    cd openssh-3.7.1p1
    
    /usr/sbin/useradd -d /var/empty -c "sshd privsep" -s /bin/false sshd
    chown root.root /var/empty
    
    ./configure --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh
    
    make
    make install
    
    cPanel.net Support Ticket Number:

    cPanel.net Support Ticket Number:
     
  13. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    When running upcp it says to me:

    openssh is up to date (Fri Aug 8 05:16:53 2003)
    openssh-server is up to date (Fri Aug 8 05:16:53 2003)
    openssh-clients is up to date (Fri Aug 8 05:16:53 2003)

    Is that okay?

    cPanel.net Support Ticket Number:
     
  14. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    No, it should be Sep 16

    Here's mine :

    openssh is up to date (Tue Sep 16 13:23:07 2003)
    openssh-server is up to date (Tue Sep 16 13:23:07 2003)
    openssh-clients is up to date (Tue Sep 16 13:23:07 2003)

    cPanel.net Support Ticket Number:
     
  15. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    For some reason it won't update on 1 servers, other servers are okay... Hmmm.

    cPanel.net Support Ticket Number:
     
  16. mr2jzgte

    mr2jzgte Well-Known Member

    Joined:
    Jun 18, 2003
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Florida
    In case anyone is running a system with MD5 passwords.. You must set the configure option "--with-md5-passwords" otherwise you will not be able to log into the system if doing a manual update..


    Had me stumped for a few mins as to why i couldn't log in ;)

    ./configure --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh --with-md5-passwords

    cPanel.net Support Ticket Number:
     
  17. Angel78

    Angel78 Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    413
    Likes Received:
    1
    Trophy Points:
    16
    I have (sept 17 instead)
    openssh is up to date (Wed Sep 17 18:11:35 2003)
    openssh-server is up to date (Wed Sep 17 18:11:35 2003)
    openssh-clients is up to date (Wed Sep 17 18:11:35 2003)

    cPanel.net Support Ticket Number:
     
  18. ThunderHostingDotCom

    ThunderHostingDotCom Well-Known Member

    Joined:
    Nov 18, 2002
    Messages:
    450
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    All over!
    How do I find out what version of SSH I am running?

    cPanel.net Support Ticket Number:
     
  19. rix

    rix Well-Known Member

    Joined:
    May 1, 2003
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    openssl is up to date (Thu Sep 25 02:51:50 2003)
    openssl-devel is up to date (Thu Sep 25 03:24:27 2003)

    openssh is up to date (Thu Sep 18 00:11:35 2003)
    openssh-server is up to date (Thu Sep 18 00:11:35 2003)
    openssh-clients is up to date (Thu Sep 18 00:11:35 2003)

    does this consider im safe from the bug ?

    cPanel.net Support Ticket Number:
     
  20. DHL

    DHL Well-Known Member

    Joined:
    Mar 8, 2002
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    ssh -V

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page