
Re: Probable SSH Vulnerability



On Sat, Jun 14, 2003 at 03:28:49AM +0100, Nick Boyce wrote:
> On Fri, 13 Jun 2003 17:52:21 -0400, Tim Peeler wrote:
> 
> >On Fri, Jun 13, 2003 at 05:15:28PM -0400, David B Harris wrote:
> >> 
> >> On Fri, 13 Jun 2003 14:18:44 -0400
> >> Tim Peeler <thp@linux00.LinuxForce.net> wrote:
> >> > In the last 4-5 days we have had 8 servers come under attack.  We are
> >> > working frantically to keep ahead of these attacks.  We have come to the
> >> > conclusion that the SSH in woody is likely vulnerable.  
> 
[snip]
> From your sshd_config :
> 
> > Protocol 2,1
> 
> Um, aren't there known *unfixable* problems with the SSH1 protocol ?
> 
> http://www.cert.org/advisories/CA-2001-35.html
> http://list.cobalt.com/pipermail/cobalt-security/2001-November/003857.html
> http://groups.google.com/groups?q=ssh1+unfixable&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=m1lsmv0faft.fsf%40syrinx.oankali.net&rnum=1
> http://groups.google.com/groups?q=ssh1+deprecated&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=Pine.LNX.4.10.10102101444180.22997-100000%40mystery.acr.fi&rnum=1
> 

Sorry for the lateness of the reply.

I've come to the conclusion that the SSH1 protocol is the most likely
cause of this problem.  I haven't had time to look over all the systems
that were compromised though.  We've disabled SSH1 as of yesterday
on all our systems as well as upgrading to the testing version of SSH.

If we come up with something that suggests that this was NOT related to
the SSH1 protocol, we'll submit our findings.

Thanks for the heads up btw, I'll forward these URLs to my superior.


Tim
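
A check for the `Protocol 2,1` setting discussed in this thread, as an added example that is not part of the original message: the function name `ssh1_enabled` and the sample file are constructed for illustration. It assumes sshd uses the first `Protocol` line it finds and that a missing line means the server default, which was "2,1" in OpenSSH releases of that period.

```sh
#!/bin/sh
# Added example: audit an sshd_config for SSH protocol 1.
# Prints the effective Protocol value; returns 0 if protocol 1 is
# accepted and 1 if it is not.
# Assumption: with no Protocol line the server default applies. Pass the
# default for your OpenSSH version as the second argument ("2,1" here).
ssh1_enabled() {
    conf=$1
    default=${2:-2,1}
    awk -v def="$default" '
        # skip comment and blank lines
        /^[ \t]*(#|$)/ { next }
        # keywords are case-insensitive; the first occurrence wins
        tolower($1) == "protocol" && !seen {
            seen = 1
            val = $2
        }
        END {
            if (!seen) val = def
            print val
            n = split(val, v, ",")
            for (i = 1; i <= n; i++) if (v[i] == "1") exit 0
            exit 1
        }' "$conf"
}

# Constructed sample, modelled on the "Protocol 2,1" line quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
#Protocol 2
protocol 2,1
Protocol 2
EOF
if effective=$(ssh1_enabled "$sample"); then
    echo "SSH1 accepted (Protocol $effective)"
else
    echo "SSH2 only (Protocol $effective)"
fi
rm -f "$sample"
```

The later `Protocol 2` line in the sample does not help, because the earlier `protocol 2,1` line is the one that takes effect.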



