SSH - Preparing for the big one (was Re: SSH Exploit Revealed (fwd))

Bob George plug-discuss@lists.plug.phoenix.az.us
Wed, 26 Jun 2002 11:38:31 -0700


Jay wrote:

>*** OpenSSH Remote Root Exploit ***
>
>Hey all. I just sent this to AZIPA and considering the severe impact of a
>remote root exploit, and the fact that many of you are probably running
>OpenSSH, I thought I'd forward it to PLUG too. Details below:
>
I've been following this with some concern since I run ssh for my little 
routing lab. That *used* to make me feel better.

Anyhow, I'm running Debian and just did an apt-get dist-upgrade to 
OpenSSH 3.3p1-0.0potato6. I run sshd only on a non-default port *not* 
covered by nmap by default. I think I'm in pretty good shape, but wanted 
to check with others and see if there are any other recommendations 
(short of shutting it off).

I also noticed the following in my log today. I had updated to 3.3 a 
couple of days ago, so that's what was running when this showed. I just 
don't know enough about the innards of ssh to know if this is an issue:

Jun 26 07:50:09 localhost sshd[14694]: fatal: mm_request_send: write

Thanks to logcheck, things like that get noticed. That's the only 
occurrence, and everything else looks like normal activity.

- Bob