Re: OpenSSH hack (linux is vulnerable?)
On Tue, 16 Sep 2003, jhorton wrote:
> I do not know if anyone on this list is interested in Linux security,
> but, there appears to be an
> exploit of OpenSSH. Linux is vulnerable. The remedy is to upgrade to
> OpenSSH 3.7p1
Don't do that. Update to your distribution's latest update - as long as it
has the fix applied.
Debian unstable has a backport to 1:3.6.1p2-6, because 3.7p1 is not ready
for Debian yet, given that it has major PAM updates.
Debian stable is a different version again, and can be got from:
deb http://security.debian.org/debian-security stable/updates main contrib non-free
or the like.
Your own distribution may well be OpenSSH 3.7p1, but not necessarily.
Unfortunately the firewall solution won't work for everyone, if they need
to be able to log in from any address.