Re: OpenSSH hack (linux is vulnerable?)

To: debian-laptop@lists.debian.org
Cc: debian <debian-laptop@lists.debian.org>
Subject: Re: OpenSSH hack (linux is vulnerable?)
From: Tim Connors <tconnors@astro.swin.edu.au>
Date: Wed, 17 Sep 2003 13:57:32 +1000 (EST)
Message-id: <[🔎] Pine.LNX.4.33.0309171353340.10910-100000@tellurium.ssi.swin.edu.au>
In-reply-to: <[🔎] 3F675939.60006@buffer.net>

On Tue, 16 Sep 2003, jhorton wrote:

> Hello,
>
> I do not know if anyone on this list is interested in Linux security,
> but, there appears to be an
> exploit of OpenSSH. Linux is vulnerable. The remedy is to upgrade to
> OpenSSH 3.7p1

Don't do that. Update to your distributions latest update - as long as it
has the fix applied.

Debian unstable has a backport to 1:3.6.1p2-6, because 3.7p1 is not ready
for debian yet, given that it has major PAM updates.

Debian stable is a different version again, and can be got from:
deb http://security.debian.org/debian-security stable/updates main contrib non-free
or the like.

Your own distribution may well be OpenSSH 3.7p1, but not necessarily.

Unfortunately the firewall solution won't work for everyone, if they need
to be able to log in from any address.

--

Reply to:

Follow-Ups:
- Re: OpenSSH hack (linux is vulnerable?)
  - From: Anders Ellenshøj Andersen <andersa@fys.ku.dk>

References:
- OpenSSH hack (linux is vulnerable?)
  - From: jhorton <james@buffer.net>

Prev by Date: Re: Nokia D211
Next by Date: can't find driver for sound and net work adaptor
Previous by thread: OpenSSH hack (linux is vulnerable?)
Next by thread: Re: OpenSSH hack (linux is vulnerable?)
Index(es):
- Date
- Thread