SSH attacks ?
Benjamin J. Weiss
benjamin at Weiss.name
Thu Sep 16 18:12:53 UTC 2004
On Thu, 16 Sep 2004, Jeff wrote:
> Just to follow on from this - does OpenSSH 3.6.1p2 have a serious vuln. that I dont know about? Anyone got a link?
>
> Jeff
>
You can do a google, or check out the rpm change log for openssh. I'm not
sure about specific vulnerabiliies on specific versions (I just ensure
that I'm always patched), but I *do* know that version 1 of the ssh
protocol is seriously flawed, and that it's enabled by default on RH
installations. You need to edit /etc/ssh/sshd_config and modify the
Protocol line to only have Protocol 2.
Piece of trivia: In the second Matrix movie, you'll see Trinity hack into
a computer. She uses a known exploit of the ssh v1 protocol to do it. :)
Ben
More information about the redhat-list
mailing list