On Tue, Dec 18, 2001 at 11:07:14AM -0800, David Corcoran wrote:
> If you are using the ssh with smartcard support be sure to use the
> ssh-daemon in the 3.0.0 or higher release.
> >Most of you probably know about the CRC integer buffer overflow root
> >exploit in sshd. Since many of us use open-ssh as our daemon, if we
> >have the latest version 3.0 we are safe from this exploit.
> >Surprisingly, even some of the latest Linux distributions, Suse,
> >Redhat do not have the latest version of the ssh software. Mac OS X
> >users are still using open ssh 2.9 and should be upgraded
> >immediately also, the latest versions of openssh contain darwin
> >detection.
The CRC-32 exploit only affects versions prior to 2.3.0p1.
OpenSSH 2.3.0p1 and higher are NOT affected by this. There are some
other problems, if you have enabled "USE_LOGIN" but that's not the
default. Upgrading is definitely a good idea, but 2.9.x is not
vulnerable to the CRC-32 attack.
I have a copy of the exploit that's in the wild. If you
use it to attack OpenSSH 2.3.0 and higher, it will make a lot of
"noise" (error messages) in the server's logs but it will not break
in. Several sites reported breakins with recent versions of ssh but
those proved to be the, much more dangerous, recently discovered hole
in wu-ftp.
> >This vulnerability is real, many have been hacked on it and action
> >must be taken to protect your machine.
> >
> >Some of the hacking tools used to find this exploit scan IP
> >addresses and ports for port 22. Should you need a temporary fix,
> >you might try running sshd on port 21 or another non-ssh port to
> >keep the majority of the scanners from detecting your system.
> >
> >I think one note to learn from this is that the openssh was probably
> >close to the first to detect this problem almost a year ago. Way to
> >go open source.
> >
> >For more information visit the CERT page http://www.cert.org
> >
> >Dave
> ***************************************************************
> Unix Smart Card Developers - M.U.S.C.L.E.
> (Movement for the Use of Smart Cards in a Linux Environment)
> http://www.linuxnet.com/
> To unsubscribe send an email to [EMAIL PROTECTED] with
> unsubscribe sclinux
> ***************************************************************
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
To unsubscribe send an email to [EMAIL PROTECTED] with
unsubscribe sclinux
***************************************************************
