Probable SSH Vulnerability

In the last 4-5 days we have had 8 servers come under attack.  We are
working frantically to keep ahead of these attacks.  We have come to the
conclusion that the SSH in woody is likely vulnerable.  Of the 8 servers
that have been broken into, half of them are running 2.2.20 and half
are running 2.4.18.  We have been updating all servers to 2.4.21-rc8.
We are ruling out a kernel exploit because of this.  Of the servers
attacked, one was only running sshd (from woody).  We have not had time
to analyze where the exploit occurs in sshd, but we are very confident
that this is the location of the exploit.  We have begun upgrading to
a backport of the testing version of ssh which appears to be helping.

Tim Peeler