Hello,
A new exploit for OpenSSH has just been released on BUGTRAQ (security message board) that affects OpenSSH (the daemon that you use for remote administration). Versions affected by the exploit are: OpenSSH 2.9.9 - 3.3
The easiest way to check which version you are running is to open telnet and connect to port 22 on your server. It will tell you the version. If you do not upgrade your system, it can be compromised sooner or later and get trojaned.
More information on the exploit/vulnerability can be found here:
http://www.cert.org/advisories/CA-2002-18.html
Lastly, about a week ago, there was another exploit released for Apache 1.3.24 and below. I really suggest you to upgrade to 1.3.26 because a worm that is operating in the wild has already been released and you could be the next victim. More information about the Apache flaw can be found here: http://www.cert.org/advisories/CA-2002-17.html
So in general, if you don't want to get compromised, upgrade to Apache 1.3.26 and OpenSSH 3.4 immediately.
Feel free to contact me via ICQ 11611813 if you have any questions.
-Dreamman
A new exploit for OpenSSH has just been released on BUGTRAQ (security message board) that affects OpenSSH (the daemon that you use for remote administration). Versions affected by the exploit are: OpenSSH 2.9.9 - 3.3
The easiest way to check which version you are running is to open telnet and connect to port 22 on your server. It will tell you the version. If you do not upgrade your system, it can be compromised sooner or later and get trojaned.
More information on the exploit/vulnerability can be found here:
http://www.cert.org/advisories/CA-2002-18.html
Lastly, about a week ago, there was another exploit released for Apache 1.3.24 and below. I really suggest you to upgrade to 1.3.26 because a worm that is operating in the wild has already been released and you could be the next victim. More information about the Apache flaw can be found here: http://www.cert.org/advisories/CA-2002-17.html
So in general, if you don't want to get compromised, upgrade to Apache 1.3.26 and OpenSSH 3.4 immediately.
Feel free to contact me via ICQ 11611813 if you have any questions.
-Dreamman
Comment