On Fri, 13 Jun 2003 14:18:44 -0400 Tim Peeler <thp@linux00.LinuxForce.net> wrote: > In the last 4-5 days we have had 8 servers come under attack. We are > working frantically to keep ahead of these attacks. We have come to the > conclusion that the SSH in woody is likely vulnerable. Of the 8 servers > that have been broken into, half of them are running 2.2.20 and half > are running 2.4.18. We have been updating all servers to 2.4.21-rc8. > We are ruling out a kernel exploit because of this. Of the servers > attacked, one was only running sshd (from woody). We have not had time > to analyze where the exploit occurs in sshd, but we are very confident > that this is the location of the exploit. We have begun upgrading to > a backport of the testing version of ssh which appears to be helping. Could you provide your /etc/ssh/sshd_config, the version of your "ssh" package, and the output from 'debsums ssh'? Thanks.
Attachment:
pgpEvlSoyWBy2.pgp
Description: PGP signature