Muhic Mirza wrote:
oki but what about private 'sploitz usualy there is no public information s about it but machines are hacked from unknown reasons, what is with that .. Does anybody hear about new sploit for apache al versions < 1.3.22 ?????? there are some bugs in mod_php and by the apache attacker getting root shell on your machine ?? it not just story it s reality cause i have seen these hacked server s last days with that sploit .. also that is private sploit and nobody on apache web site or other security sites does not discus yet about that . One thing is sure : nothing is not sure in fact .
thats why we have stuff like snort. i don't know of any private openssh exploit out there. (i guess neither do the developers of openssh - otherwise they would be morally obliged to tell us) there are rumours about a bind 9 exploit too - i haven't seen it either. using the latest version doesn't protect you from unknow exploits. using SuSE Linux you know that there's a team of very well respected individuals that will resolve any known security issue - quickly. hth andre
Muhic Mirza wrote:
Hm , i am find same problem , on the suse site i did not can find rpm s
of
newset version openssh :) as i have to se it is 3.0p2 version bacause
all
off previus versions are vurneable . Finaly i am find there rpm. on some site , rpmfind.net but i cant install it on suse 7.0 7.1 7.3 , al these version s i am try :) rpm progres show s that is everything installed ok
but
there s no ssh services on my machine. so finaly i am downloaded source
code
, openssh 3.op2. requires openssl already installed :)
From the security reasons it is strongly recomended to use latest
version
openssh-2.9.9p2-74 is available from suse or mirrors. it isn't vulnerable to any known 'sploit - imho the guys in the security team is fantastic. (thanks guys)
hth
andre