Re: Probable SSH Vulnerability
This has caused problems on some of our old potato systems as well.
It appears to be a worm with the speed in which it spread.
On Fri, Jun 13, 2003 at 02:18:44PM -0400, Tim Peeler wrote:
> In the last 4-5 days we have had 8 servers come under attack. We are
> working frantically to keep ahead of these attacks. We have come to the
> conclusion that the SSH in woody is likely vulnerable. Of the 8 servers
> that have been broken into, half of them are running 2.2.20 and half
> are running 2.4.18. We have been updating all servers to 2.4.21-rc8.
> We are ruling out a kernel exploit because of this. Of the servers
> attacked, one was only running sshd (from woody). We have not had time
> to analyze where the exploit occurs in sshd, but we are very confident
> that this is the location of the exploit. We have begun upgrading to
> a backport of the testing version of ssh which appears to be helping.
> Tim Peeler
> To UNSUBSCRIBE, email to email@example.com
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org