[Securityalerts] SECURITY: OpenSSH Vulnerability
efm at tummy.com
efm at tummy.com
Tue Sep 16 18:54:53 MDT 2003
======================
tummy.com Security Announcement
tummy.com, ltd.
<securityannounce at tummy.com>
2003-09-16
OpenSSH Vulnerability
Remote root exploit
CVE: CAN-2003-0693
===================================
Greetings.
A new vulnerability has been found in the OpenSSH secure remote access
utility.
OpenSSH is a critical security tool. Vulnerabilities in OpenSSH can
compromise all computers on your network.
The attack makes a large number of ssh connections and attempts
various offsets until it finds one that works permitting root login.
As well as updating all of your systems, you may want to consider
tightening your firewall rules to restrict the IP addresses which can
connect to your SSH port as a security measure.
For more information see:
https://rhn.redhat.com/errata/RHSA-2003-279.html
KRUD subscribers can upgrade from our krud-9-security, krud-8.0-security
or krud-7.3-security krud2date:
For KRUD-9:
krud2date -i -d krud-9-security \
-p cgi:http://krud2date.tummy.com/krud2date.cgi
Updates for 8.0 and 7.3 will be available later today:
For KRUD-8.0:
krud2date -i -d krud-8.0-security \
-p cgi:http://krud2date.tummy.com/krud2date.cgi
For KRUD-7.3:
krud2date -i -d krud-7.3-security \
-p cgi:http://krud2date.tummy.com/krud2date.cgi
Please feel free to contact us if you have any questions or comments about
this announcement. You can reach us at (970)-494-0355 or by email at
security at tummy.com
--
Regards, tummy.com, ltd
Evelyn Mitchell Linux Consulting since 1995
efm at tummy.com Senior System and Network Administrators
http://www.tummy.com/
More information about the Securityalerts
mailing list