On Fri, Jun 13, 2003 at 02:18:44PM -0400, Tim Peeler remarked: > In the last 4-5 days we have had 8 servers come under attack. > We are working frantically to keep ahead of these attacks. We > have come to the conclusion that the SSH in woody is likely > vulnerable. Of the 8 servers that have been broken into, half > of them are running 2.2.20 and half are running 2.4.18. We > have been updating all servers to 2.4.21-rc8. We are ruling > out a kernel exploit because of this. Of the servers > attacked, one was only running sshd (from woody). We have not > had time to analyze where the exploit occurs in sshd, but we > are very confident that this is the location of the exploit. > We have begun upgrading to a backport of the testing version > of ssh which appears to be helping. > > Tim Peeler Is there a URL for this backport of which you speak ? Cheers, Raymond
Attachment:
pgpt4GU52sDqo.pgp
Description: PGP signature