[juneau-lug] ssh exploit

• From: Myron Davis <myrond@xxxxxxxxxxx>
• To: juneau-lug@xxxxxxxxxxxxx
• Date: Tue, 16 Sep 2003 20:23:21 -0700

Just in case nobody has caught it there is a live ssh exploit which
affects anything under openssh 3.7.
for convenience some info on what patches:
debian: ssh_3.6.1p2-6.0_i386.deb or later
or        ssh 1:3.4p1-1.1

openbsd: 3.7 or later (openssh-3.7p1.tar.gz)

redhat: up2date -u
-OR-
openssh-3.7p1-1.rpm

gentoo: 
Just go to your net-misc/openssh directory:

    * cp openssh-3.6.1_p2.ebuild openssh-3.7_p1.ebuild
    * emerge --update openssh

The emerge will fetch the file and complain that there is no digest.

    * ebuild openssh-3.7_p1.ebuild digest
    * emerge --update openssh

most other distros: 3.7p1

also an easy way to check the version that is running:
telnet host 22 :)

-Myron

-- Attached file included as plaintext by Ecartis --

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/Z9OpnfM/KCuG6/IRAizIAJ0Y5FvrGDkJ+JQ4l+3YSUkkjJz0UwCfTIhp
194uVW8j51g+wg7s9Zy6OoM=
=wlNK
-----END PGP SIGNATURE-----



------------------------------------
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.

• Follow-Ups:
  • [juneau-lug] Re: ssh exploit
    • From: James Zuelow
  • [juneau-lug] Re: ssh exploit
    • From: Jacob Gemmell

Other related posts:

• » [juneau-lug] ssh exploit
• » [juneau-lug] Re: ssh exploit
• » [juneau-lug] Re: ssh exploit
• » [juneau-lug] Re: ssh exploit

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription