[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Possible (probable) hole in SSH?

Subject: [cobalt-security] Possible (probable) hole in SSH?
From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
Date: Mon, 12 Nov 2001 19:46:58 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Kevin D wrote:

> What exactly are you talking about? AFAIK, cobalt patches on 
> these two are up to date.

Doing the rounds right this very minute are a bunch of exploits which we'd
already have patches for if it wasn't for the fact that full disclosure just
died on its' ass and exploit writers are now actually copyrighting
everything they do...

Initially it appears that OpenSSH prior to version 2.3 was vulnerable to an
attack in the CRC32 code in the daemon. I have now seen two different
machines, both running 2.5.2p2, which *appear* - I have no proof, yet, apart
from the fact that the installed rootkit matches that reported by Dave
Dittrich on Bugtraq this morning - to have been got at via a hole in the SSH
daemon. Tellingly, one of the machines ONLY runs SSH...

You all installed an SSH service, right? Get it updated. Now.

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC

Follow-Ups:
- RE: [cobalt-security] Possible (probable) hole in SSH?
  - From: malcolm wild
- Re: [cobalt-security] Possible (probable) hole in SSH?
  - From: Parker Morse

Prev by Date: Re: [cobalt-security] Unusual ps command output
Next by Date: [cobalt-security] ssh problem
Previous by thread: Re: [cobalt-security] Unusual ps command output
Next by thread: RE: [cobalt-security] Possible (probable) hole in SSH?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index