Critical: ssh-nonfree IS exploited

To: debian-devel@lists.debian.org, security@debian.org
Subject: Critical: ssh-nonfree IS exploited
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Sun, 11 Nov 2001 15:14:07 +0100
Message-id: <[🔎] 20011111151407.B9931@lina.inka.de>

Hello,

just a small information, I have at least 2 confirmed reports about Hacked
Debian Boxes. All of them are hacked by exploiting the old nonfree-ssh and
installing a rootkit. Fortunatelly the rootkit is easy to detect, since it
is linked against libc5.

Sice there is no security alert and since it is onliy fixed in 1.2.27-6.2 or
-7 we should warn our users explicitely. Especially sice it is not contained
within potato.

Note: the reason why those production servers are still using non-free ssh
is, because a) OpenSSH isnt more secure (had a remote exploit before) and b)
upgrade is harder than expected. So we need to make nonfree more recent.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

Follow-Ups:
- Re: Critical: ssh-nonfree IS exploited
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: Critical: ssh-nonfree IS exploited
  - From: Andrew Suffield <asuffield@debian.org>

Prev by Date: Re: correct location for gcc wrappers?
Next by Date: Bug#119129: ITP: mysqltcl -- mysqltcl is an interface to the MySQL database for the Tcl language.
Previous by thread: Re: correct location for gcc wrappers?
Next by thread: Re: Critical: ssh-nonfree IS exploited
Index(es):
- Date
- Thread