On Fri Nov 30, 2001 at 09:50:55AM -0600, Dave Sherman wrote: > Root exploit in SSH -- anybody heard about this? I've shut down my ssh > server, just in case. But I haven't seen anything on Mandrake's security > page for 8.1, nor have I received an announcement from Mandrake. > > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100696253318793&w=2 > > I CC'd the security address for Mandrake ... if this was a faux pas, > please forgive.
This was apparently fixed in March with 2.5.2. Since we are at 2.9.9p2 in updates, we should all be safe (well, those of us who have updated anyways). I did receive info from a local LUG member that a friend's RH (I assume) system got rooted, but was using openssh-2.3.0. That is *way* old. From having talked with some other vendors and a member of the openssh team, it looks like this may have to do with the crc32 vulnerability in the ssh1 protocol that was fixed in March. Otherwise it may have to do with the kerberos authentication in openssh, which 3.x fixes (we will be updating openssh for that fix next week probably). Unless someone has evidence of getting rooted on a Mandrake system running openssh 2.9.9p2, I (and many others) are discounting this as simple paranoia based on available exploits for a bug that was fixed roughly 8 months ago. -- vdanen (at) mandrakesoft.com, OpenPGP key available on www.keyserver.net 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.8-34.1mdk uptime: 10 days 21 hours 57 minutes.
msg83515/pgp00000.pgp
Description: PGP signature