OpenSSH exploit rumours swarm

Rumours are circulating about the active exploitation of systems running older versions of OpenSSH, the open source remote administration utility. Security watchers at the SANS Institute's Internet Storm Centre report circumstantial evidence of mischief, including a log ostensibly showing an attack in progress, posted last …

COMMENTS

This topic is closed for new posts.

Is it that unrelated?

Aren't anti-sec (who are possibly involved in the OpenSSH 0day) and milw0rm rather indisposed towards each other?

Is there some big game going on here?


Too fresh with the post button

Also worth noting (?) is that several hosts are said to be taking this very seriously and have disabled ssh access.

Hostgator has certainly done this, and even claims to be patching something. Whether that just means they're updating packages or not I have no idea.

http://forums.hostgator.com/showpost.php?p=176747&postcount=59


"Too busy with other projects to maintain..."

Honestly, that excuse is starting to become as see-through as "I want to spend more time with my family".


A little salt.

While I'm not denying this vulnerability is possible, I do think it's worth mentioning that recently there's been a rather big jump in the number of totally unknown groups/people posting exploit "logs" with no explanation and no technical details.

Quite a few of these have been confirmed as fake. Astalavista was supposedly hacked using a LightSpeed exploit which has now been (essentially) confirmed to be technically impossible. Another log, supposedly utilizing this SSH exploit, has been confirmed as fake; rather amusingly the sysadmin in question was hacked through a more basic flaw, and then falsified the logs in order to save face (he ran a security website).

To be honest, even the logs themselves look rather suspect. I've seen various copies where the naming scheme and parameters have changed, and where there are obvious inaccuracies in the timestamps.

I'm not saying it's not true, I'm saying this has all come at a very convenient time and not to believe everything you read.


OpenSSH and Redhat devs discuss

http://lists.mindrot.org/pipermail/openssh-unix-dev/2009-July/027730.html


So another typical day on the internet then!

Ah the wonderful ability for the internet to take a small rumour and some dodgy "evidence" and blow it out of all proportion!

OK, wise to be safe rather than sorry, but all a credible security organisation has to go on is a log file that might be fake, and they are crowing that OpenSSH has a major flaw? Come on, going to need a little bit more than that to go on before I start closing up shop!


No s**t Sherlock

"Red Hat Enterprise Linux ships with OpenSSH as a component and may therefore need upgrading"

As does just about every other *nix based system.


Black Hat

I think what you /meant/ to say was:

"...an exploit against older versions of OpenSSH might be presented AT Black Hat,.."

That would be the rather well-known Black Hat / Defcon conference cum party, as usual supplying silly-season fodder to liven up July *and* August. How's that for value?

http://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html


@Gordon Ross - Smartarse

Red Hat ships with OpenSSH 4.3 with the patches backported in, as opposed to most other Linux distributions who now ship the latest release.


Suspicious log

This doesn't look at all right. That log (the second one linked) doesn't have an RHEL5 kernel and doesn't have the RHEL5 apache. Other things don't look quite right either. Just googling for the kernel version -- 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata -- throws up a lot of stuff about this supposed exploit.

I'm not buying this until there's better evidence than one oft-repeated log of dubious veracity.


Not so hard

"Red Hat Enterprise Linux ships with OpenSSH as a component and may therefore need upgrading"

So hard.

yum update openssh*

y

Then for good measure: service sshd restart

Ooh, so hard a monkey could even do it.
