[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Possible (probable) hole in SSH?
- Subject: RE: [cobalt-security] Possible (probable) hole in SSH?
- From: "malcolm wild" <cobaltsec@xxxxxxxxxxx>
- Date: Mon, 12 Nov 2001 21:14:55 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I understand the (un)officail PKG is the following build
[root@dns3 raq3]# ssh -V
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
Any leads onto this build having a vuln?
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Graeme Fowler
Sent: 12 November 2001 19:47
To: 'cobalt-security@xxxxxxxxxxxxxxx'
Subject: [cobalt-security] Possible (probable) hole in SSH?
Kevin D wrote:
> What exactly are you talking about? AFAIK, cobalt patches on
> these two are up to date.
Doing the rounds right this very minute are a bunch of exploits which we'd
already have patches for if it wasn't for the fact that full disclosure just
died on its' ass and exploit writers are now actually copyrighting
everything they do...
Initially it appears that OpenSSH prior to version 2.3 was vulnerable to an
attack in the CRC32 code in the daemon. I have now seen two different
machines, both running 2.5.2p2, which *appear* - I have no proof, yet, apart
from the fact that the installed rootkit matches that reported by Dave
Dittrich on Bugtraq this morning - to have been got at via a hole in the SSH
daemon. Tellingly, one of the machines ONLY runs SSH...
You all installed an SSH service, right? Get it updated. Now.
Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security