SSH upgrade
This is part of a message I got from securityspace.com:
Title: SSH1 CRC-32 compensation attack
ID: 10607
Category: Gain a shell remotely
URL: http://www.securityspace.com/smysecure/catid.html?id=10607
Summary: Checks for the remote SSH version
Description:
You are running a version of SSH which is
older than version 1.2.32,
or a version of OpenSSH which is older than
2.3.0.
This version is vulnerable to a flaw which
allows an attacker to insert arbitrary commands
in a ssh stream.
Solution :
Upgrade to version 1.2.32 of SSH which solves this problem,
or to version 2.3.0 of OpenSSH
More information:
http://www.core-sdi.com/english/ssh/
Risk factor : High
My question is where can I find debian packages of openssh 2.3.0., I
couln't find them with apt-get
Thanks in advance
Mark Lamers
Reply to:
- Follow-Ups:
- Re: SSH upgrade
- From: Michael Schmitz <schmitz@mail.biophys.uni-duesseldorf.de>