[49269] in North American Network Operators' Group
Re: SSHD
daemon@ATHENA.MIT.EDU (Karsten W. Rohrbach)
Thu Jun 27 13:01:44 2002
Date: Thu, 27 Jun 2002 19:00:57 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: nanog@merit.edu
In-Reply-To: <20020626204028.GA4743@UnderGrid.net>; from Jeremy.Bouse@UnderGrid.net on Wed, Jun 26, 2002 at 01:40:28PM -0700
Errors-To: owner-nanog-outgoing@merit.edu
Jeremy T. Bouse(Jeremy.Bouse@UnderGrid.net)@2002.06.26 13:40:28 +0000:
> Just be sure you read the full advisory and look deep into it
> and your own configuration. Recent news has come to light which appears
> that it is most *BSD OS flavors and those using BSD_AUTH and SKEY. Most
> often these are not enabled by default on non-BSD OSes.
according to several discussions that took part in the last 48 hours,
the flaw fixed in 3.4 might also impact on systems using PAM for
authenticating ssh logins; it appears to me that the involved group of
researchers did not test operating systems other than the free *BSDs.
CA-2002-18 has some more vendor specific information:
http://www.cert.org/advisories/CA-2002-18.html
sure, it's a critical bug, but one should not oversee the apache chunk
handling vulnerability published in CA-2002-17 as it has been integrated
into skr1ptk1dd13's "tools" already, apparently. depending on your
site's policy you probably have tight restrictions on ssh access, but
http is probably allowed from 0/0 so it might be even more critical.
regards,
/k
-- 
> [X] <-- nail here for new monitor
WebMonster Community Project -- Next Generation Networks GmbH -- All on BSD
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6
REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C 5F 0B E0 6B 4D CD 8C 44
My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 10x