Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 2360 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New ssh exploit

tank
Just wondering if Astaro is vulenarble(sp?) to the lastest "possible" ssh exploit.

What version of ssh is Astaro using anyhow?
  


This thread was automatically locked due to age.
  • 0
    I would assume it is since the only version that isn't vulnerable is OpenSSH 3.7 which was released today.  

    http://www.openssh.com/txt/buffer.adv

    This was sent to me from a guy I work with around 12 today:

    There appears to be a major OpenSSH vulnerability that is quietly being 
    exploited at some high-profile targets.  OpenSSH 3.7p1 was released
    earlier this am. Linux appears to be particularly vulnerable; 
    no clear information on others such as OpenBSD, nor other 
    versions/implementations of SSH.  

    Note that there are many implementations of SSH that run on many devices,
     including network appliance-class devices.

    Until more information is available, system operators should
    patch your systems to OpenSSH >= 3.7p1 and check your firewalls 
    allowing SSH only from trusted sources.  
  • 0 in reply to uncue75
    Hi!

    If you maybe did not see it yet, there are Up2date-s awailable for all versions of ASL, which are repairing that vulnerability.
    Check it  here! 

    BR Matjaz 
  • 0 in reply to Matjaz
    Thanks, but we didn't see the update because it hadn't been posted yet.    
  • 0 in reply to uncue75
    Well, I don't think there is an actual exploit for this yet, but definately update anyway. I know on FreeBSD, this issue cannot cause an exploit more serious than shutting down the sshd process... But Linux may not be quite as well behaved.