Re: Critical: ssh-nonfree IS exploited

To: debian-devel@lists.debian.org, security@debian.org
Subject: Re: Critical: ssh-nonfree IS exploited
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Sun, 11 Nov 2001 16:06:03 +0100
Message-id: <[🔎] 20011111160603.A10942@lina.inka.de>
In-reply-to: <[🔎] 20011111155440.B30811@wiggy.net>
References: <[🔎] 20011111151407.B9931@lina.inka.de> <[🔎] 20011111155440.B30811@wiggy.net>

On Sun, Nov 11, 2001 at 03:54:40PM +0100, Wichert Akkerman wrote:
> Previously Bernd Eckenfels wrote:
> > just a small information, I have at least 2 confirmed reports about Hacked
> > Debian Boxes. All of them are hacked by exploiting the old nonfree-ssh and
> > installing a rootkit. Fortunatelly the rootkit is easy to detect, since it
> > is linked against libc5.
> 
> Non-free, not part of Debian, etc. etc.

Well.. I think the admin will not differ, especially not, if you do not tell
them. I think a DSA is in order, especially as those Bugs are fixed.

Is it possible to send at least a small note (not an official Advisory) to
the announce list?

Greetings
Bernd

Reply to:

References:
- Critical: ssh-nonfree IS exploited
  - From: Bernd Eckenfels <ecki@lina.inka.de>
- Re: Critical: ssh-nonfree IS exploited
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: Re: LDAP entry for NMU acceptance status
Next by Date: Re: Critical: ssh-nonfree IS exploited
Previous by thread: Re: Critical: ssh-nonfree IS exploited
Next by thread: Re: Critical: ssh-nonfree IS exploited
Index(es):
- Date
- Thread