[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: maintaining http://www.linux.org.il/
On Sun, Dec 23, 2001 at 02:00:36PM +0200, Nadav Har'El wrote:
> On Sun, Dec 23, 2001, Yotam Rubin wrote about "Re: http://www.linux.org.il/ rants":
> > One crucially important update is ssh, whose version on iglu.org.il appears
> > to be vulnerable to the CRC compensation bug, which may grant arbitrary
> > access to attackers. You can try and convert that Redhat box to Debian,
> > which will ease the strain of constantly monitoring updates and allow trivial
> > upgradability. If I can assist you in any way, please tell me.
>
> Right. If I remember correctly, openSSH 2.1.1 *was* vulnerable :(
>
> There's no need to upgrade to debian for this...
At least there's a consensus that converting to Debian is considered an
upgrade :)
>
> The new openSSH is in the updates directory for probably over 8 months...
> please check...
SSH scans have increased in frequency, and I have already encountered several
machines which were compromised vis ssh. It would be wise to perform an
extensive audit of the server. I reiterate, if assistance is required in any
of the aforementioned tasks, tell me.
Regards, Yotam Rubin
>
> --
> Nadav Har'El | Sunday, Dec 23 2001, 8 Tevet 5762
> nyh@math.technion.ac.il |-----------------------------------------
> Phone: +972-53-245868, ICQ 13349191 |If I am not for myself, who will be for
> http://nadav.harel.org.il |me? If I am only for myself, who am I?
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il