Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] openssh
  • From: "andre@do" <andre@xxxxxxxx>
  • Date: Wed, 06 Feb 2002 13:01:57 +0200
  • Message-id: <3C610D25.8080300@xxxxxxxx>
Muhic Mirza wrote:

oki but what about private 'sploitz usualy there is no public information s
about it but machines are hacked from unknown reasons, what is with that ..
Does anybody hear about new sploit for apache al versions < 1.3.22 ??????
there are some bugs in mod_php and by the apache attacker getting root shell
on your machine ?? it not just story it s reality cause i have seen these
hacked server s last days with that sploit .. also that is private sploit
and nobody on apache web site or other security sites does not discus yet
about that .
One thing is sure : nothing is not sure in fact .



thats why we have stuff like snort. i don't know of any private openssh
exploit out there. (i guess neither do the developers of openssh - otherwise they would be morally obliged to tell us)
there are rumours about a bind 9 exploit too - i haven't seen it either.
using the latest version doesn't protect you from unknow exploits.
using SuSE Linux you know that there's a team of very well respected
individuals that will resolve any known security issue - quickly.

hth

andre



Muhic Mirza wrote:


Hm , i am find same problem , on the suse site i did not can find rpm s

of

newset version openssh :) as i have to se it is 3.0p2 version bacause

all

off previus versions are vurneable . Finaly i am find there rpm. on some
site , rpmfind.net but i cant install it on suse 7.0 7.1 7.3 , al these
version s i am try :) rpm progres show s that is everything installed ok

but

there s no ssh services on my machine. so finaly i am downloaded source

code

, openssh 3.op2. requires openssl already installed :)

From the security reasons it is strongly recomended to use latest

version


openssh-2.9.9p2-74 is available from suse or mirrors.
it isn't vulnerable to any known 'sploit - imho the guys
in the security team is fantastic. (thanks guys)

hth


andre




< Previous Next >