I understand the (un)officail PKG is the following build [root@dns3 raq3]# ssh -V OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
Any leads onto this build having a vuln? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Graeme Fowler Sent: 12 November 2001 19:47 To: '[EMAIL PROTECTED]' Subject: [cobalt-security] Possible (probable) hole in SSH? Kevin D wrote: > What exactly are you talking about? AFAIK, cobalt patches on > these two are up to date. Doing the rounds right this very minute are a bunch of exploits which we'd already have patches for if it wasn't for the fact that full disclosure just died on its' ass and exploit writers are now actually copyrighting everything they do... Initially it appears that OpenSSH prior to version 2.3 was vulnerable to an attack in the CRC32 code in the daemon. I have now seen two different machines, both running 2.5.2p2, which *appear* - I have no proof, yet, apart from the fact that the installed rootkit matches that reported by Dave Dittrich on Bugtraq this morning - to have been got at via a hole in the SSH daemon. Tellingly, one of the machines ONLY runs SSH... You all installed an SSH service, right? Get it updated. Now. Graeme -- Graeme Fowler System Administrator Host Europe Group PLC _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
