On Wed, 16 Jan 2002, Charlie Bebber wrote:

>
> This isn't the first time I've seen this message in my log and I was just
> wondering if anyone on the list might know what the hell it is (if it's
> anything other than them looking to see what version of SSH I'm running):
>
> ---
> Jan 16 10:53:17 oscar sshd[27848]: scanned from 207.211.22.19 with
> SSH-1.0-SSH_Version_Mapper.  Don't panic.
> ---
Be paranoid. Be very paranoid.

There's an ssh vulnerability that allows remote root access. Update to
the newest version as soon as you can. Though the vulnerability is old,
only recently have I seen automated exploit scripts. It looks like
someone is checking to see what version of ssh you're running in
preparation for something else.

As an interim measure you can try disabling ssh protocol 1. This is
*supposed* to close the vulnerability but don't take my word for it.

I know that the commercial ssh v.1.2.27 and older is vulnerable, as are
probably all versions of OpenSSH up to the most recent.
>
> The only thing a google search turned up is someone basically asking the
> same question on the SuSE list and someone replying just to make sure his
> sshd is up to date.
>
> So does anyone have any info that might be more detailed than that?
>
> Cheers,
>
> -Charlie
>
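
Added example, not part of the original thread: a small log triage script that finds the "scanned from" message quoted above and lists any later sshd entries from the same source, since the reply's concern is what follows the version probe. The function name, the sample host lines marked as constructed, and the 192.0.2.x addresses are assumptions for illustration.

```python
import re

# Matches the sshd message quoted in the post, rejoined onto one syslog line.
SCAN_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"scanned from (?P<src>\S+) with (?P<banner>\S+?)\.\s+Don't panic\.$"
)

def scan_report(lines):
    """Return {source_ip: {"scans": int, "banners": set, "followups": [lines]}}.

    "followups" holds every later sshd line that names a source which has
    already probed the daemon, so the probe can be read next to what came after.
    """
    report = {}
    for raw in lines:
        line = raw.rstrip("\n")
        m = SCAN_RE.match(line)
        if m:
            entry = report.setdefault(
                m["src"], {"scans": 0, "banners": set(), "followups": []})
            entry["scans"] += 1
            entry["banners"].add(m["banner"])
            continue
        if " sshd[" not in line:
            continue
        for src, entry in report.items():
            # Whole-address match only: 207.211.22.19 must not hit 207.211.22.190.
            if re.search(r"(?<![\d.])" + re.escape(src) + r"(?!\.?\d)", line):
                entry["followups"].append(line)
    return report

SAMPLE_LOG = [
    # From the post (the e-mail wrapped it across two lines):
    "Jan 16 10:53:17 oscar sshd[27848]: scanned from 207.211.22.19 with "
    "SSH-1.0-SSH_Version_Mapper.  Don't panic.",
    # Constructed lines below, for illustration only:
    "Jan 16 10:55:02 oscar sshd[27851]: Accepted password for charlie from 192.0.2.10 port 1022",
    "Jan 16 11:20:41 oscar sshd[27903]: Did not receive identification string from 207.211.22.19",
    "Jan 16 11:20:59 oscar sshd[27905]: Did not receive identification string from 207.211.22.190",
    "Jan 16 11:21:09 oscar sshd[27910]: scanned from 192.0.2.44 with "
    "SSH-1.0-SSH_Version_Mapper.  Don't panic.",
]

if __name__ == "__main__":
    for src, info in scan_report(SAMPLE_LOG).items():
        print(src, info["scans"], sorted(info["banners"]), len(info["followups"]))
```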

