My reading on this buffer overflow in ssh1 implementation was that openssh 2.3.0p1 (pretty old) is not vulnerable. Not having an update for Suse 7.0 on the suse site for 7.0 dist also strengthens my belief in that. Though, I would like to have a confirmation. Is there any known vulnerability in openssh 2.3.0p1 implementation?

Selcuk

On Wed, 21 Nov 2001, Michael Appeldorn wrote:
My first guess too was a vulnerable rpc.statd/portmapper, because the network segment one of the cracked machines resided in received (and receives) a shitload of portmapper and ftp scans, but after some more research and several talks we had with admins of other affected systems, we came to the conclusion that a flaw in the SSH1 protocol has been used to break into the two said systems.
The game is ever the same - you have to harden your box - install patches - read the tickers for new vulns and so on.
harden :
http://www.suse.com/~marc/harden_suse-3.5.tar.gz
After running it you have to enable services in /etc/hosts.allow|deny
patches :
http://www.suse.com/en/support/download/updates/72_i386.html
To harden your sshd you may want to use protocol 2 only:
do ssh-keygen -d
and modify
/etc/ssh/sshd_config as follows
-- Protocol 1,2 ++ Protocol 2
-- PermitRootLogin Yes ++ PermitRootLogin no
-- X11Forwarding Yes ++ X11Forwarding no
further comments welcome
killall -HUP sshd (kills all opened connections too :O)
Was this helpful?
Michael Appeldorn
--- Selcuk Ozturk eMediaMillWorks, Inc. 1100 Mercantile Lane, Ste 119 Largo, MD 20774 Phone: (301) 883-2482 x121 Fax: (301) 883-9120 Email: sozturk@eMediaMillWorks.com
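
A small checker for the three sshd_config changes recommended in the quoted mail (Protocol, PermitRootLogin, X11Forwarding), as an added example that is not part of the original thread. It assumes sshd takes the first occurrence of each keyword and compares keywords case-insensitively; the function names and both sample configurations are constructed for illustration.

```python
# Added example: audit sshd_config text for the three settings changed in the mail.
import re

# Directive (lower-cased) -> value the mail recommends.
RECOMMENDED = {"protocol": "2", "permitrootlogin": "no", "x11forwarding": "no"}

def effective_settings(config_text):
    """Return {keyword: value}, keeping the first occurrence of each keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:                    # keyword without a value
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        settings.setdefault(key, value)        # assumption: first value wins
    return settings

def audit(config_text):
    """Return (directive, found, wanted) for every deviation from the mail."""
    found = effective_settings(config_text)
    findings = []
    for key, wanted in RECOMMENDED.items():
        value = found.get(key)                 # None: not set, built-in default applies
        if value != wanted:
            findings.append((key, value, wanted))
    return findings

# Constructed sample inputs, not taken from any real host.
BEFORE = """\
Port 22
Protocol 1,2
PermitRootLogin Yes
X11Forwarding Yes
"""
AFTER = """\
Port 22
Protocol 2
PermitRootLogin no
#X11Forwarding yes
X11Forwarding no
Protocol 1,2
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        for key, value, wanted in audit(text):
            print(f"{name}: {key} is {value!r}, mail recommends {wanted!r}")
```

A directive reported with `None` is absent from the file, so the daemon's built-in default applies and should be checked against the installed version's documentation.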