[Wolves] Debian/Ubuntu SSH Vulnerability

[Barbie]

Hi folks,

Seeing as many of you use Ubuntu or Debian, and I hadn't seen anything
mentioned on the lists about this, I thought it best to post in case any
casual users weren't aware of this. For those that are seasoned users, I
would hope you were already aware of this ;)

This applies to the underlying SSL library, but ssh is the most
affected.

"
There has been a humongous catastrophic failure in a recent
OpenSSL repackage which means that crypto keys (including Ssh keys)
generated by the broken packages are trivially vulnerable to a simple
brute-force attack; scripts and tools to do this are floating around and
in use in the wild.

ISC/SANS just raised their alert level to "yellow"; see a better summary
of the problem, here:

    http://isc.sans.org/diary.php?storyid=4421&rss

(Readers with a publicly-accessible Ssh daemon, especially those not
using scripts to automatically firewall abusive attacking IPs, may
see evidence of this in  /var/log/secure | messages | local
authentication log file.)
"

solution:

  $> apt-get update
  $> apt-get upgrade

if openssh-client or openssh-server is held back from the above:

  $> apt-get install openssh-client openssh-server

Once these are upgraded, you can then run the following:

  $> sudo ssh-vulnkey -a

to see how vulnerable you are. Anything listed as COMPROMISED or
blacklisted should be fix asap. This is usually done by regenerating
your private/public keys and removing any offending entries in
authorized_keys and known_hosts in your .ssh directory.

Feel free to pass on to other lists if you know they have several
Debian/Ubuntu users.

Cheers,
Barbie.
-- 
Birmingham Perl Mongers - http://birmingham.pm.org
Memoirs Of A Roadie - http://barbie.missbarbell.co.uk