[TCLUG] [Fwd: Re: Root exploit in SSH]

Fri Nov 30 15:32:11 CST 2001

-----Forwarded Message-----

> From: Vincent Danen <vdanen at mandrakesoft.com>
> To: Dave Sherman <dsherman at real-time.com>
> Cc: Mandrake-newbie <newbie at linux-mandrake.com>, Mandrake-expert <expert at linux-mandrake.com>, security at linux-mandrake.com
> Subject: Re: Root exploit in SSH
> Date: 30 Nov 2001 13:27:30 -0700
> 
> On Fri Nov 30, 2001 at 09:50:55AM -0600, Dave Sherman wrote:
> 
> > Root exploit in SSH -- anybody heard about this? I've shut down my ssh
> > server, just in case. But I haven't seen anything on Mandrake's security
> > page for 8.1, nor have I received an announcement from Mandrake.
> > 
> > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100696253318793&w=2
> > 
> > I CC'd the security address for Mandrake ... if this was a faux pas,
> > please forgive.
> 
> This was apparently fixed in March with 2.5.2.  Since we are at
> 2.9.9p2 in updates, we should all be safe (well, those of us who have
> updated anyways).  I did receive info from a local LUG member that a
> friend's RH (I assume) system got rooted, but was using
> openssh-2.3.0.  That is *way* old.
> 
> >From having talked with some other vendors and a member of the openssh
> team, it looks like this may have to do with the crc32 vulnerability
> in the ssh1 protocol that was fixed in March.  Otherwise it may have
> to do with the kerberos authentication in openssh, which 3.x fixes (we
> will be updating openssh for that fix next week probably).
> 
> Unless someone has evidence of getting rooted on a Mandrake system
> running openssh 2.9.9p2, I (and many others) are discounting this as
> simple paranoia based on available exploits for a bug that was fixed
> roughly 8 months ago.
> 
> -- 
> vdanen (at) mandrakesoft.com, OpenPGP key available on www.keyserver.net
> 1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD
> 
> Current Linux kernel 2.4.8-34.1mdk uptime: 10 days 21 hours 57 minutes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20011130/beec80fa/attachment.pgp