[Gllug] [Fwd: SSH Security Advisory: Centos (and other distros)]
Andy Millar
andy at andymillar.co.uk
Wed Jul 8 07:32:08 UTC 2009
On Wed, 2009-07-08 at 08:23 +0100, Jon Fautley wrote:
>
> So you've got an email from someone asking you to go and install some
> "random" SSH RPMs from a non-vendor site, because of a security hole
> they're not disclosing (or, in fact, confirming)?
Given that we have Red Hat employees on this list, can anyone
from Red Hat actually confirm or deny that this is an issue?
Despite this issue having been around since Saturday:
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0028.html
There is surprisingly little noise about it.
Other references to it appear to be a copy and paste job, i.e.
http://secer.org/hacktools/0day-openssh-remote-exploit.html
http://baoz.net/0day-openssh-remote-exploit/
And add no additional detail to the exploit.
If you look around, you'll also find an apparent pcap trace of the
exploit being used:
http://www.webhostingtalk.com/showpost.php?p=6269596&postcount=5
But that still doesn't really add much to the argument as ssh data is
(duh!) encrypted.
There have also been guesses as to which RHN update introduced the bug,
and it looks like the current favourite apparently is:
https://rhn.redhat.com/errata/RHBA-2009-0209.html
There are no real details (and no timings) relating to any of the
claims. For all we know, the "0pen0wn" script could just brute force
sshd and the owner of the exemplar system just have poor passwords?
Andy
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug