tugrik: (Default)
[personal profile] tugrik
As reality_fox just found out the hard way, there's a new SSH exploit in the wild. It affects Debian, Gentoo, RedHat and OpenBSD systems (or anything using OpenSSH prior to v3.7). You should close your SSH ports immediately and then go get and apply the SSH patches going online now. I'm doing that at my office in the background while submitting this LJ entry.

Slashdot has more info on the specific bits. Here's a quick cut-paste for RedHat users:

1.- Download the file openssh-3.7p1-1.src.rpm from any of the mirrors. For example:
ftp://ftp.easynet.be/openssh/portable/rpm/SRPMS/openssh-3.7p1-1.src.rpm

2.- Build an .rpm for your RedHat Linux version:

# rpm --rebuild openssh-3.7p1-1.src.rpm

3.- Upgrade your OpenSSH packages:

# rpm -Fvh /usr/src/redhat/RPMS/i386/openssh-*.rpm

4.- Re-start your sshd daemon:

service sshd restart


This is a serious security hole. Many machines are being owned. Good luck on getting through to RedHat to get the 3.7 upgrade... just keep trying!
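
A follow-up check for the steps above, added here as an example and not part of the original post or the Slashdot instructions: it reads an `ssh -V` line or an SSH server banner and reports whether the OpenSSH version is prior to 3.7. The function names and the sample strings are made up for illustration.

```sh
#!/bin/sh
# Added example: flag OpenSSH version strings older than 3.7.
# Input may be `ssh -V` output or the banner a server sends on connect.

# Print "major.minor" taken from the text after "OpenSSH_"; print nothing if absent.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p' |
        head -n 1
}

# Return 0 if the version is prior to 3.7, 1 if it is 3.7 or later,
# and 2 if no OpenSSH version could be parsed from the input.
openssh_prior_to_3_7() {
    ver=$(openssh_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -lt 3 ]; then return 0; fi
    if [ "$major" -eq 3 ] && [ "$minor" -lt 7 ]; then return 0; fi
    return 1
}

# Turn the return code into a word that is easy to grep for in a host sweep.
classify() {
    rc=0
    openssh_prior_to_3_7 "$1" || rc=$?
    case $rc in
        0) echo "UPGRADE" ;;
        1) echo "OK" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# Constructed sample inputs (not captured from real hosts).
for sample in \
    "OpenSSH_3.6.1p2, SSH protocols 1.5/2.0" \
    "SSH-2.0-OpenSSH_3.7p1" \
    "SSH-2.0-ExampleServer_1.0"
do
    printf '%-42s %s\n' "$sample" "$(classify "$sample")"
done
```

To check the local client package, pass it `"$(ssh -V 2>&1)"`; after step 4, the banner the restarted daemon sends is the string that shows what is actually running. A vendor package that backports the fix keeps its older version string, so treat UPGRADE as a prompt to check the vendor advisory.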