ATTN: All Unix Dedicated Server Owners (Major security flaw) - GoFuckYourself.com

Dreamman010 · 07-01-2002, 11:47 AM

Hello,

A new exploit for OpenSSH has just been released on BUGTRAQ (security message board) that affects OpenSSH (the daemon that you use for remote administration). Versions affected by the exploit are: OpenSSH 2.9.9 - 3.3
The easiest way to check which version you are running is to open telnet and connect to port 22 on your server. It will tell you the version. If you do not upgrade your system, it can be compromised sooner or later and get trojaned.

More information on the exploit/vulnerability can be found here:

http://www.cert.org/advisories/CA-2002-18.html

Lastly, about a week ago, there was another exploit released for Apache 1.3.24 and below. I really suggest you to upgrade to 1.3.26 because a worm that is operating in the wild has already been released and you could be the next victim. More information about the Apache flaw can be found here: http://www.cert.org/advisories/CA-2002-17.html

So in general, if you don't want to get compromised, upgrade to Apache 1.3.26 and OpenSSH 3.4 immediately.

Feel free to contact me via ICQ 11611813 if you have any questions.

-Dreamman

Petr · 07-01-2002, 11:51 AM

(Actually, the news about openssh bug is about one week old...)

Nysus · 07-01-2002, 12:34 PM

Yeah - It's a bit old.

Cheers,
Matt

07-01-2002, 11:47 AM	#1
Dreamman010 Confirmed User Join Date: Jan 2002 Location: Toronto, ON, Canada Posts: 1,081	ATTN: All Unix Dedicated Server Owners (Major security flaw) Hello, A new exploit for OpenSSH has just been released on BUGTRAQ (security message board) that affects OpenSSH (the daemon that you use for remote administration). Versions affected by the exploit are: OpenSSH 2.9.9 - 3.3 The easiest way to check which version you are running is to open telnet and connect to port 22 on your server. It will tell you the version. If you do not upgrade your system, it can be compromised sooner or later and get trojaned. More information on the exploit/vulnerability can be found here: http://www.cert.org/advisories/CA-2002-18.html Lastly, about a week ago, there was another exploit released for Apache 1.3.24 and below. I really suggest you to upgrade to 1.3.26 because a worm that is operating in the wild has already been released and you could be the next victim. More information about the Apache flaw can be found here: http://www.cert.org/advisories/CA-2002-17.html So in general, if you don't want to get compromised, upgrade to Apache 1.3.26 and OpenSSH 3.4 immediately. Feel free to contact me via ICQ 11611813 if you have any questions. -Dreamman __________________ <a href="http://www2.famoushost.com/home.php" target="_blank"><b><FONT COLOR="FFFF00">www.FamousHost.com</font></b></a><br>Free Hosting With No Headers, Real FTP, <u>Get listed on the biggest TGP's with us!</u> Last edited by Dreamman010; 07-01-2002 at 12:02 PM..

07-01-2002, 11:51 AM	#2
Petr Confirmed User Join Date: Mar 2002 Posts: 502	(Actually, the news about openssh bug is about one week old...)

07-01-2002, 12:34 PM	#3
Nysus Confirmed User Industry Role: Join Date: Aug 2001 Posts: 7,817	Yeah - It's a bit old. Cheers, Matt