There is a remote root exploit for OpenSSH <3.7 (note 3.7 was released today) Check your vendor or get the latest sources or apply the patch from the link below. http://www.openssh.com/txt/buffer.adv Matt
On Tuesday 16 September 2003 15:46, Matt Higgins wrote:
There is a remote root exploit for OpenSSH <3.7 (note 3.7 was released today) Check your vendor or get the latest sources or apply the patch from the link below.
the openssh ftp server has been swamped this morning (well since the /. bastards got to it ;D) i mirrored the file before it was /. so if you cant find it, it's at WPI here: http://wh0rd.de/gentoo/distfiles/openssh-3.7p1.tar.gz for you Gentoo users, the update has been on rsync mirrors for a few hours now so just `emerge sync ; emerge -u openssh ; /etc/init.d/sshd restart` ;) -mike
Also, I would be wary and watch for updates in the immediate future. While the buffer.c fix is _an_ update, many are saying it's not remotely exploitable, which begs the question what is exploiting all the reportedly rooted machines that people are claiming to have the latest version of OpenSSH (with PrivSep) running on. Of course, it's the Internet, so any number of people can and are talking out of their a**es, so I'd wait for the dust to settle and keep an eye on this one (but update now, of course). -b
On Tuesday 16 September 2003 15:46, Matt Higgins wrote:
There is a remote root exploit for OpenSSH <3.7 (note 3.7 was released today) Check your vendor or get the latest sources or apply the patch from the link below.
the openssh ftp server has been swamped this morning (well since the /. bastards got to it ;D) i mirrored the file before it was /. so if you cant find it, it's at WPI here: http://wh0rd.de/gentoo/distfiles/openssh-3.7p1.tar.gz for you Gentoo users, the update has been on rsync mirrors for a few hours now so just `emerge sync ; emerge -u openssh ; /etc/init.d/sshd restart` ;) -mike
"Brian J. Conway" <bconway@alum.WPI.EDU> writes:
Also, I would be wary and watch for updates in the immediate future. While the buffer.c fix is _an_ update, many are saying it's not remotely exploitable, which begs the question what is exploiting all the reportedly rooted machines that people are claiming to have the latest version of OpenSSH (with PrivSep) running on. Of course, it's the Internet, so any number of people can and are talking out of their a**es, so I'd wait for the dust to settle and keep an eye on this one (but update now, of course).
Exactly my thoughts. This is why my ssh port is still IP restricted for the moment :) -- Josh Huber
for those of you who havent upgraded yet, 3.7.1p1 has been released to 'fix similar issues' :) ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog - (djm) OpenBSD Sync - markus@cvs.openbsd.org 2003/09/16 21:02:40 [buffer.c channels.c version.h] more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU http://wh0rd.de/gentoo/distfiles/openssh-3.7.1p1.tar.gz -mike
On Tue, Sep 16, 2003 at 09:04:59PM -0400, Mike Frysinger wrote: vapier> for those of you who havent upgraded yet, 3.7.1p1 has been released to 'fix vapier> similar issues' :) #@#%&(#!! I just upgraded! Those bastards! -- Charles R. Anderson <cra@wpi.edu> / http://angus.ind.wpi.edu/~cra/ PGP Key ID: 49BB5886 Fingerprint: EBA3 A106 7C93 FA07 8E15 3AC2 C367 A0F9 49BB 5886
That's okay, you don't have to. Just let us know what IPs will be running 3.7p1. ;-) -b
On Tue, Sep 16, 2003 at 09:04:59PM -0400, Mike Frysinger wrote: vapier> for those of you who havent upgraded yet, 3.7.1p1 has been released to 'fix vapier> similar issues' :)
#@#%&(#!! I just upgraded! Those bastards!
-- Charles R. Anderson <cra@wpi.edu> / http://angus.ind.wpi.edu/~cra/ PGP Key ID: 49BB5886 Fingerprint: EBA3 A106 7C93 FA07 8E15 3AC2 C367 A0F9 49BB 5886
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
participants (5)
-
Brian J. Conway -
Charles R. Anderson -
Josh Huber -
Matt Higgins -
Mike Frysinger