The Register® — Biting the hand that feeds IT

OpenSSH exploit rumours swarm

As milw0rm shuts up shop

Rumours are circulating about the active exploitation of systems running older versions of OpenSSH, the open source remote administration utility.

Security watchers at the SANS Institute's Internet Storm Centre report circumstantial evidence of mischief, including a log ostensibly showing an attack in progress, posted last Friday. In the absence of actual exploit code nothing can be confirmed.

One anonymous tipster told ISC that an exploit against older versions of OpenSSH might be presented at Black Hat, without providing any evidence. The absence of evidence has fuelled, rather than contained, chatter about the issue on internet security forums.

Speculation points to a possible problem that doesn't affect the latest version of OpenSSH, upgrading to which is a sensible idea irrespective of current gossip (examples here and here) among security geeks.

Red Hat Enterprise Linux ships with OpenSSH as a component and may therefore need upgrading, H Security adds.

ISC advises sys admins to upgrade to the latest version (5.2) of OpenSSH. The rumoured exploit is different from a confirmed denial of service attack posted on hacking site milw0rm, ISC notes.

In almost related news, milw0rm decided to call it a day on Wednesday, closing a chapter of one of the net's best known exploit portal/security websites. A brief note suggests the crew behind milw0rm are too busy with other projects to continue maintaining the site. ®

Latest Comments

Not so hard

"Red Hat Enterprise Linux ships with OpenSSH as a component and may therefore need upgrading"

So hard.

yum update openssh*

y

Then for good measure: service sshd restart

Ooh, so hard a monkey could even do it.

@Gordon Ross - Smartarse

RedHat ships with OpenSSH 4.3 with the patches backported in, as opposed to most other Linux distributions who now ship the latest release.

Suspicious log

This doesn't look at all right. That log (the second one linked) doesn't have an RHEL5 kernel and doesn't have the RHEL5 apache. Other things don't look quite right either. Just googling for the kernel version -- 2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata -- throws up a lot of stuff about this supposed exploit.

I'm not buying this until there's better evidence than one oft-repeated log of dubious veracity.

