Followup: This has caused problems on some of our old potato systems as well. It appears to be a worm with the speed in which it spread.
On Fri, Jun 13, 2003 at 02:18:44PM -0400, Tim Peeler wrote: > In the last 4-5 days we have had 8 servers come under attack. We are > working frantically to keep ahead of these attacks. We have come to the > conclusion that the SSH in woody is likely vulnerable. Of the 8 servers > that have been broken into, half of them are running 2.2.20 and half > are running 2.4.18. We have been updating all servers to 2.4.21-rc8. > We are ruling out a kernel exploit because of this. Of the servers > attacked, one was only running sshd (from woody). We have not had time > to analyze where the exploit occurs in sshd, but we are very confident > that this is the location of the exploit. We have begun upgrading to > a backport of the testing version of ssh which appears to be helping. > > Tim Peeler > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
