security SSH high risk
From: DFX, s.r.o. - Michal Sedlak (sedlak_at_dfx.sk)
Date: 08/31/05
To: <debian-user@lists.debian.org>
Date: Wed, 31 Aug 2005 18:46:59 +0200
Hi,
I have OpenSSH:
OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004
A security audit check said that:
----------------------------------
You are running a version of SSH which is older than (or as old as) version
1.2.27. If this version was compiled against the RSAREF library, then it is very
likely to be vulnerable to a buffer overflow which may be exploited by an
attacker to gain root privileges on your system.
To determine if you compiled ssh against the RSAREF library, type 'ssh -V'
on the remote host.
Risk factor : High
Solution : Use ssh 2.x, or do not compile ssh against the RSAREF library
-----------------------------------
Can anybody say if that is true, and what to do with it?
ssh -V gives back -> OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004
Michal Sedlak
technical manager
E-mail: sedlak@dfx.sk
Mobil: +421 910 539 867
---------------------------------------
DFX, s.r.o.
Dubravska cesta 9
SK 84105 Bratislava
Tel.: +421 2 5465 0336
Fax: +421 2 5465 0337
www.dfx.sk
-------------------------------------