[Dshield] openssh update

Johannes Ullrich jullrich at euclidian.com
Tue Sep 16 14:50:20 GMT 2003


The vulnerability only effects OpenSSH, no other ssh version AFAIK.

I started a writeup with links to the preliminary advisory at
http://isc.sans.org/diary.html

On Tue, 2003-09-16 at 10:27, David J. Bianco wrote:
> Do you have a pointer to more details on this vulnerability?  I searched
> my dshield folder, and didn't find any discussion.  Also, I didn't
> find it on Google or on the OpenSSH.org web site.  How severe is this
> problem?
> 
> 	Thanks,
> 	  David
> 
> Johannes Ullrich wrote:
> > a new version of openssh has been released this morning. This version
> > includes some patches to fix vulnerabilities discussed yesterday. It is
> > not clear if they are exploitable, but rumor has it that there is an
> > exploit going around in the underground.
> > 
> > If you use openssh and know how to build it from source, you may give it
> > a try. I have not heard of any updates from major Linux distributions at
> > this point.
> > 
> > If you are not upgrading right away, try to limit access to your ssh
> > server to trusted IP addresses. 
> > 
> > You should enable privilege separation. It is not clear if this will
> > prevent the current exploit. But it is likely to make it harder to use
> > any exploit.
> > 
> > As always, verify PGP signatures when downloading the source package. 
> > 
> > 
> > Please forward any observations/comments off or on list.
> > 
-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------





More information about the list mailing list