[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Probable SSH Vulnerability


   This has caused problems on some of our old potato systems as well.
   It appears to be a worm with the speed in which it spread.

On Fri, Jun 13, 2003 at 02:18:44PM -0400, Tim Peeler wrote:
> In the last 4-5 days we have had 8 servers come under attack.  We are
> working frantically to keep ahead of these attacks.  We have come to the
> conclusion that the SSH in woody is likely vulnerable.  Of the 8 servers
> that have been broken into, half of them are running 2.2.20 and half
> are running 2.4.18.  We have been updating all servers to 2.4.21-rc8.
> We are ruling out a kernel exploit because of this.  Of the servers
> attacked, one was only running sshd (from woody).  We have not had time
> to analyze where the exploit occurs in sshd, but we are very confident
> that this is the location of the exploit.  We have begun upgrading to
> a backport of the testing version of ssh which appears to be helping.
> Tim Peeler
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: