Re: Probable SSH Vulnerability

To: debian-security@lists.debian.org
Subject: Re: Probable SSH Vulnerability
From: Tim Peeler <thp@linux00.LinuxForce.net>
Date: Fri, 13 Jun 2003 18:10:37 -0400
Message-id: <[🔎] 20030613221036.GA8558@linux00.LinuxForce.net>
In-reply-to: <[🔎] 20030613181844.GA23860@linux00.LinuxForce.net>
References: <[🔎] 20030613181844.GA23860@linux00.LinuxForce.net>

Followup: 

   This has caused problems on some of our old potato systems as well.
   It appears to be a worm with the speed in which it spread.

On Fri, Jun 13, 2003 at 02:18:44PM -0400, Tim Peeler wrote:
> In the last 4-5 days we have had 8 servers come under attack.  We are
> working frantically to keep ahead of these attacks.  We have come to the
> conclusion that the SSH in woody is likely vulnerable.  Of the 8 servers
> that have been broken into, half of them are running 2.2.20 and half
> are running 2.4.18.  We have been updating all servers to 2.4.21-rc8.
> We are ruling out a kernel exploit because of this.  Of the servers
> attacked, one was only running sshd (from woody).  We have not had time
> to analyze where the exploit occurs in sshd, but we are very confident
> that this is the location of the exploit.  We have begun upgrading to
> a backport of the testing version of ssh which appears to be helping.
> 
> Tim Peeler
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Probable SSH Vulnerability
  - From: Tim Peeler <thp@linux00.LinuxForce.net>

Prev by Date: Re: Probable SSH Vulnerability
Next by Date: Ghostscript vulnerable (bid 7757)
Previous by thread: Re: Probable SSH Vulnerability
Next by thread: Ghostscript vulnerable (bid 7757)
Index(es):
- Date
- Thread