 | View Full Version : Going to get Hacked again, new issue with OpenSSH Blight 03-07-2002, 12:40 PM According to: http://www.pine.nl/advisories/pine-cert-20020301.txt There may be another root exploit involving SSH. Are we vulnerable? How do we fix it? jucebro 03-07-2002, 01:29 PM Looks like bad news. Has anybody tried that patch? While were on the subject of security, might want to check this out: http://packetstorm.linuxsecurity.com/0203-exploits/Colbalt-RAQ-v4.txt mlx 03-07-2002, 02:33 PM The good news (if I understood it correctly) is that it *only* allows local users to gain root. So if you don't give your customers shell access you should be safe I guess. Might be a good idea anyway to update openshh, they released a new version today => http://www.openssh.com adad 03-08-2002, 03:16 AM Is there a pkg version available? I couldn't find it in their site. mpalamar 03-08-2002, 11:57 AM Originally posted by Blight According to: http://www.pine.nl/advisories/pine-cert-20020301.txt Are we vulnerable? How do we fix it? New package available at http://pkgmaster.com/packages/raq/3/#openssh Mike jucebro 03-08-2002, 12:58 PM has anybody installed pkg's from this source (http://pkgmaster.com) before? I read somewhere about a new non-cobalt php pkg that was sending info back to the person who made the pkg. Can this source trusted? mlx 03-08-2002, 01:06 PM pkgmaster.com is operated by the same guys who operated http://pkg.nl.cobalt.com (which had to be closed for some reason). So I guess you can trust them. adad 03-08-2002, 01:16 PM I've installed this package right now. Seems to be no problem so far. I've always trusted the guys who operated http://pkg.nl.cobalt.com. Their packages always worked like a charm. Blight 03-09-2002, 06:59 AM This package exposes previous possible vulnerabilities, here's how to make it a bit more secure: login. su to root. type: pico -w /etc/ssh/sshd_config at the top of the file, change: Port 22 to: Port xxxx (but choose an actual number in place of the small x characters) Also change: Protocol 2,1 to: Protocol 2 exit out of pico (control+x). Yes to save. type: /etc/rc.d/init.d/sshd restart dutchie 03-09-2002, 09:40 AM Don't forget to remove the # in front of the line you change. Blight 03-09-2002, 04:17 PM Actually, I didn't remove the "#" and it still worked... NoComment 03-09-2002, 05:17 PM If you don't activate the setting by uncommenting that line OpenSSH will by default try both protocol 2 and 1. Mike the newbie 03-09-2002, 06:16 PM Originally posted by jucebro has anybody installed pkg's from this source (http://pkgmaster.com) before? I read somewhere about a new non-cobalt php pkg that was sending info back to the person who made the pkg. Can this source trusted? pkgmaster is Taco, previously known as the pkg.nl.cobalt.com site. Taco provides excellent support for his packages on the cobalt-users mailing list. I can't tell you to trust him or not, but I know that I trust him. I installed his ssh package this afternoon. |