Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
ssh reminder
  • From: Thomas Lamy <Thomas.Lamy@xxxxxxxxxx>
  • Date: Mon, 14 Jan 2002 06:51:42 +0100
  • Message-id: <656F04F343FC25409463829A15B5FDDC08AE2E@xxxxxxxxxxxxxxxxxxxxx>
Hi all,

just to remind some of the lazy ones out there: the ssh crc32 compensation
attack is (again) actively being exploitet. From one attack I have actively
monitored, there were about 10 machines compromized in one night, after
being scanned some days before. I phoned some of the admins, and most of
them knowed that the problem exists (most of them were running SuSE 7.0),
but were too lazy to fix it.

See:
http://www.suse.de/de/support/security/2001_045_openssh_txt.txt
http://www.suse.de/de/support/security/2001_044_openssh_txt.txt
http://www.suse.de/de/support/security/adv004_ssh.txt
http://www.suse.de/de/support/security/2000_047_openssh_txt.txt
http://defaced.alldas.de/mirror/2002/01/10/accounting.nordwest.net/
http://defaced.alldas.de/mirror/2002/01/10/custmx.ingolstadt-online.net/
http://defaced.alldas.de/mirror/2001/12/30/spider.tmag.de/

Cu,
Thomas

< Previous Next >
Follow Ups