Re: HEAD's UP: possible 0day SSH exploit in the wild

To: debian-security@lists.debian.org
Subject: Re: HEAD's UP: possible 0day SSH exploit in the wild
From: Clemens Pfaffinger <clpfaffinger@gmail.com>
Date: Tue, 7 Jul 2009 22:32:50 +0200
Message-id: <[🔎] d2a5e9e0907071332o55e15262tc226e6b046c14697@mail.gmail.com>
In-reply-to: <[🔎] 20090707200520.GB12184@khazad-dum.debian.net>
References: <[🔎] 20090707200520.GB12184@khazad-dum.debian.net>

Hi,

thanks for this information!
I just hope that this is a hoax.
What would you suggest for securing a server running openSSH?
How can I notice such an attack in my log files?

Cheers

________________________________________
Kontaktinformationen
clemens@csrv.at
www.cdev.at

2009/7/7 Henrique de Moraes Holschuh <hmh@debian.org>

As usual, you may want to either raise shields (i.e. disable/restrict access
to the ssh service), or pay extra attention to what is happening on your SSH
inbound gateways...

http://lwn.net/Articles/340360/
http://isc.sans.org/diary.html?storyid=6742
http://secer.org/hacktools/0day-openssh-remote-exploit.html

Yes, it could be a hoax, and I sure hope that's all it is...

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh

--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- HEAD's UP: possible 0day SSH exploit in the wild
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: HEAD's UP: possible 0day SSH exploit in the wild
Next by Date: Re: HEAD's UP: possible 0day SSH exploit in the wild
Previous by thread: HEAD's UP: possible 0day SSH exploit in the wild
Next by thread: Re: HEAD's UP: possible 0day SSH exploit in the wild
Index(es):
- Date
- Thread