Re: HEAD's UP: possible 0day SSH exploit in the wild

To: debian-security@lists.debian.org
Subject: Re: HEAD's UP: possible 0day SSH exploit in the wild
From: Jeroen van Drongelen <jeroen@naturewebdesign.eu>
Date: Tue, 7 Jul 2009 23:20:53 +0200
Message-id: <[🔎] a701f7720907071420q43aaf21er63e3d405a184c1fa@mail.gmail.com>
In-reply-to: <[🔎] f9971d420907071415m306cb47bhad3619ee288b20e4@mail.gmail.com>
References: <[🔎] 4A53AD2B.4080500@techsupport.lt> <[🔎] 4A53B1CF.509@abi007.info> <[🔎] f9971d420907071415m306cb47bhad3619ee288b20e4@mail.gmail.com>

It's helpfull indeed but withe a portscan they can easly find the other port of openssh.

If have shutdown the openssh service untill i know wich version is attackable by this exploit or when they have a solution for it.

Regards,
Jeroen

2009/7/7 Leandro Minatel <leandrominatel@gmail.com>

Hi,

a good practice, at least for me, is put openssh to listen in a different port than the default. I know, it's not the perfect solution.

Regards.

Reply to:

Follow-Ups:
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Leandro Minatel <leandrominatel@gmail.com>

References:
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: "Ramunas / techsupport.lt" <ramunas@techsupport.lt>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Justus <justus@abi007.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Leandro Minatel <leandrominatel@gmail.com>

Prev by Date: Re: HEAD's UP: possible 0day SSH exploit in the wild
Next by Date: Re: HEAD's UP: possible 0day SSH exploit in the wild
Previous by thread: Re: HEAD's UP: possible 0day SSH exploit in the wild
Next by thread: Re: HEAD's UP: possible 0day SSH exploit in the wild
Index(es):
- Date
- Thread